git.ipfire.org Git - thirdparty/systemd.git/blame - NEWS
Merge pull request #747 from dvdhrm/consoled
Commit Line Data
d657c51f 1 systemd System and Service Manager
220a21d3 2
e57eaef8
DH
3 CHANGES WITH 223:
4
5 * The python-systemd code has been removed from the systemd repository.
6 A new repository has been created which accommodates the code from
7 now on, and we kindly ask distributions to create a separate package
8 for this: https://github.com/systemd/python-systemd
9
01608bc8 10 * The systemd daemon will now reload its main configuration
e57eaef8
DH
11 (/etc/systemd/system.conf) on daemon-reload.
12
13 * sd-dhcp now exposes vendor specific extensions via
14 sd_dhcp_lease_get_vendor_specific().
15
931618d0
DM
16 * systemd-networkd gained a number of new configuration options.
17
18 - A new boolean configuration option for TAP devices called
37d54b93 19 'VNetHeader='. If set, the IFF_VNET_HDR flag is set for the
931618d0
DM
20 device, thus allowing it to send and receive GSO packets.
21
22 - A new tunnel configuration option called 'CopyDSCP='.
23 If enabled, the DSCP field of ip6 tunnels is copied into the
24 decapsulated packet.
25
26 - A set of boolean bridge configuration options were added.
27 'UseBPDU=', 'HairPin=', 'FastLeave=', 'AllowPortToBeRoot=',
28 and 'UnicastFlood=' are now parsed by networkd and applied to the
29 respective bridge link device via the respective IFLA_BRPORT_*
30 netlink attribute.
31
32 - A new string configuration option to override the hostname sent
33 to a DHCP server, called 'Hostname='. If set and 'SendHostname='
34 is true, networkd will use the configured hostname instead of the
35 system hostname when sending DHCP requests.
36
37 - A new tunnel configuration option called 'IPv6FlowLabel='. If set,
38 networkd will configure the IPv6 flow-label of the tunnel device
39 according to RFC2460.
e57eaef8
DH
40
41 * systemd-resolved now implements RFC5452 to improve resilience against
01608bc8 42 cache poisoning. Additionally, source port randomization is enabled
e57eaef8
DH
43 by default to further protect against DNS spoofing attacks.
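
The acceptance checks RFC 5452 asks a resolver to apply before trusting a UDP response, as an added example in C (not systemd-resolved's code). The struct and function names, and the constructed sample query for example.com sent to 192.0.2.53 from local port 40123, are assumptions made for illustration.

```c
/* Added example: RFC 5452 response matching for a stub resolver.
 * Not systemd-resolved code; names and sample data are illustrative. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum verdict { ACCEPT, DROP_SHORT, DROP_NOT_RESPONSE, DROP_PORT,
               DROP_SOURCE, DROP_ID, DROP_QUESTION };

/* What the resolver remembers about one outstanding UDP query. */
struct pending_query {
    uint16_t id;                /* unpredictable transaction ID */
    uint16_t local_port;        /* unpredictable source port, host byte order */
    struct sockaddr_in server;  /* address and port the query was sent to */
    const uint8_t *question;    /* QNAME + QTYPE + QCLASS exactly as sent */
    size_t question_len;
};

/* ASCII case fold; label length bytes (<= 63) pass through unchanged. */
static uint8_t fold(uint8_t c)
{
    return (c >= 'A' && c <= 'Z') ? (uint8_t)(c + 32) : c;
}

/* Size of the question entry at pkt[off], or 0 if truncated or compressed. */
static size_t question_size(const uint8_t *pkt, size_t len, size_t off)
{
    size_t p = off;
    for (;;) {
        if (p >= len) return 0;
        uint8_t l = pkt[p++];
        if (l & 0xC0) return 0;   /* nothing precedes the question for a pointer to refer to */
        if (l == 0) break;
        p += l;
    }
    return (p + 4 <= len) ? p + 4 - off : 0;   /* QTYPE and QCLASS follow the name */
}

/* Every attribute must match; any mismatch means the datagram is dropped.
 * Matching the destination address (needs IP_PKTINFO) is left out here. */
enum verdict check_response(const struct pending_query *q, const uint8_t *pkt,
                            size_t len, const struct sockaddr_in *from,
                            uint16_t arrived_on_port)
{
    if (len < 12) return DROP_SHORT;
    if (!(pkt[2] & 0x80)) return DROP_NOT_RESPONSE;            /* QR bit */
    if (arrived_on_port != q->local_port) return DROP_PORT;
    if (from->sin_addr.s_addr != q->server.sin_addr.s_addr ||
        from->sin_port != q->server.sin_port) return DROP_SOURCE;
    if ((uint16_t)(pkt[0] << 8 | pkt[1]) != q->id) return DROP_ID;
    if ((pkt[4] << 8 | pkt[5]) != 1) return DROP_QUESTION;     /* QDCOUNT */
    size_t qs = question_size(pkt, len, 12);
    if (qs == 0 || qs != q->question_len) return DROP_QUESTION;
    for (size_t i = 0; i < qs - 4; i++)                        /* name: case-insensitive */
        if (fold(pkt[12 + i]) != fold(q->question[i])) return DROP_QUESTION;
    if (memcmp(pkt + 12 + qs - 4, q->question + qs - 4, 4) != 0)
        return DROP_QUESTION;                                  /* type and class: exact */
    return ACCEPT;
}

/* Constructed sample question: example.com, type A, class IN. */
static const uint8_t SAMPLE_Q[] = { 7,'e','x','a','m','p','l','e',
                                    3,'c','o','m', 0,  0,1,  0,1 };

/* Builds a constructed response and runs it through check_response().
 * name_variant: 0 = as sent, 1 = different name, 2 = same name, other case. */
enum verdict demo(uint16_t resp_id, const char *from_ip,
                  uint16_t arrived_port, int name_variant)
{
    struct pending_query q = { .id = 0x3a7c, .local_port = 40123,
                               .question = SAMPLE_Q,
                               .question_len = sizeof SAMPLE_Q };
    q.server.sin_family = AF_INET;
    q.server.sin_port = htons(53);
    inet_pton(AF_INET, "192.0.2.53", &q.server.sin_addr);

    uint8_t pkt[12 + sizeof SAMPLE_Q] = { 0 };
    pkt[0] = (uint8_t)(resp_id >> 8);
    pkt[1] = (uint8_t)(resp_id & 0xff);
    pkt[2] = 0x81;                         /* QR=1, RD=1 */
    pkt[3] = 0x80;                         /* RA=1, RCODE=0 */
    pkt[5] = 1;                            /* QDCOUNT=1, no records in this sample */
    memcpy(pkt + 12, SAMPLE_Q, sizeof SAMPLE_Q);
    if (name_variant == 1) pkt[13] = 'f';  /* "fxample.com" */
    if (name_variant == 2) pkt[13] = 'E';  /* "Example.com" */

    struct sockaddr_in from = { .sin_family = AF_INET, .sin_port = htons(53) };
    inet_pton(AF_INET, from_ip, &from.sin_addr);
    return check_response(&q, pkt, sizeof pkt, &from, arrived_port);
}

int main(void)
{
    printf("genuine=%d wrong_id=%d off_path_source=%d\n",
           demo(0x3a7c, "192.0.2.53", 40123, 0),
           demo(0x1111, "192.0.2.53", 40123, 0),
           demo(0x3a7c, "198.51.100.9", 40123, 0));
    return 0;
}
```
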
44
45 * nss-mymachines now supports translating UIDs and GIDs of running
46 containers with user-namespaces enabled. If a container 'foo'
47 translates a host uid 'UID' to the container uid 'TUID', then
48 nss-mymachines will also map uid 'UID' to/from username 'vu-foo-TUID'
49 (with 'foo' and 'TUID' replaced accordingly). Similarly, groups are
50 mapped as 'vg-foo-TGID'.
51
52 Contributions from: Beniamino Galvani, cee1, Christian Hesse, Daniel
53 Buch, Daniel Mack, daurnimator, David Herrmann, Dimitri John Ledkov, Jan
54 Alexander Steffens (heftig), Johan Ouwerkerk, Jose Carlos Venegas Munoz,
55 Kay Sievers, Lennart Poettering, Lidong Zhong, Martin Pitt, Michael
56 Biebl, Michael Olbrich, Michal Schmidt, Mike Gilbert, Namhyung Kim, Nick
57 Owens, Peter Hutterer, Richard Maw, Steven Allen, Sungbae Yoo, Susant
58 Sahani, Thomas Blume, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
59 Umut Tezduyar Lindskog, Vito Caputo, Vivenzio Pagliari, Zbigniew
60 Jędrzejewski-Szmek
61
62 -- Berlin, 2015-XX-XX
63
0db83ad7 64 CHANGES WITH 222:
5541c889 65
861b02eb
KS
66 * udev no longer supports the WAIT_FOR_SYSFS= key in udev rules.
67 There are no known issues with current sysfs, and udev does not need
68 to be, and should not be, used to work around such bugs.
69
70 * udev no longer enables USB HID power management. Several reports
71 indicate that some devices cannot handle that setting.
0db83ad7
DH
72
73 * The udev accelerometer helper was removed. The functionality
74 is now fully included in iio-sensor-proxy. However, this means that
75 older iio-sensor-proxy versions will no longer provide
76 accelerometer/orientation data with this systemd version.
77 Please upgrade iio-sensor-proxy to version 1.0.
78
5541c889
DH
79 * networkd gained a new configuration option IPv6PrivacyExtensions=
80 which enables IPv6 privacy extensions (RFC 4941, "Privacy Extensions
81 for Stateless Address") on selected networks.
82
9b361114
DM
83 * For the sake of fewer build-time dependencies and less code in the
84 main repository, the python bindings are about to be removed in the
85 next release. A new repository has been created which accommodates
86 the code from now on, and we kindly ask distributions to create a
87 separate package for this. The removal will take place in v223.
88
89 https://github.com/systemd/python-systemd
90
0db83ad7
DH
91 Contributions from: Abdo Roig-Maranges, Andrew Eikum, Bastien Nocera,
92 Cédric Delmas, Christian Hesse, Christos Trochalakis, Daniel Mack,
93 daurnimator, David Herrmann, Dimitri John Ledkov, Eric Biggers, Eric
94 Cook, Felipe Sateler, Geert Jansen, Gerd Hoffmann, Gianpaolo Macario,
5541c889
DH
95 Greg Kroah-Hartman, Iago López Galeiras, Jan Alexander Steffens
96 (heftig), Jan Engelhardt, Jay Strict, Kay Sievers, Lennart Poettering,
0db83ad7
DH
97 Markus Knetschke, Martin Pitt, Michael Biebl, Michael Marineau, Michal
98 Sekletar, Miguel Bernal Marin, Peter Hutterer, Richard Maw, rinrinne,
2d1ca112
DH
99 Susant Sahani, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
100 Husebø, Vedran Miletić, WaLyong Cho, Zbigniew Jędrzejewski-Szmek
0db83ad7 101
2d1ca112 102 -- Berlin, 2015-07-07
0db83ad7 103
0f0467e6
MP
104 CHANGES WITH 221:
105
470e72d4 106 * The sd-bus.h and sd-event.h APIs have now been declared
5f92d24f 107 stable and have been added to the official interface of
470e72d4
LP
108 libsystemd.so. sd-bus implements an alternative D-Bus client
109 library, that is relatively easy to use, very efficient and
110 supports both classic D-Bus as well as kdbus as transport
111 backend. sd-event is a generic event loop abstraction that
112 is built around Linux epoll, but adds features such as event
0aee49d5 113 prioritization or efficient timer handling. Both APIs are good
470e72d4
LP
114 choices for C programs looking for a bus and/or event loop
115 implementation that is minimal and does not have to be
5f92d24f 116 portable to other kernels.
0f0467e6 117
470e72d4
LP
118 * kdbus support is no longer compile-time optional. It is now
119 always built-in. However, it can still be disabled at
120 runtime using the kdbus=0 kernel command line setting, and
c6551464 121 that setting may be changed to default to off, by specifying
470e72d4
LP
122 --disable-kdbus at build-time. Note though that the kernel
123 command line setting has no effect if the kdbus.ko kernel
124 module is not installed, in which case kdbus is (obviously)
125 also disabled. We encourage all downstream distributions to
0aee49d5 126 begin testing kdbus by adding it to the kernel images in the
470e72d4
LP
127 development distributions, and leaving kdbus support in
128 systemd enabled.
0f0467e6 129
470e72d4
LP
130 * The minimal required util-linux version has been bumped to
131 2.26.
132
133 * Support for chkconfig (--enable-chkconfig) was removed in
0aee49d5 134 favor of calling an abstraction tool
470e72d4
LP
135 /lib/systemd/systemd-sysv-install. This needs to be
136 implemented for your distribution. See "SYSV INIT.D SCRIPTS"
137 in README for details.
138
139 * If there's a systemd unit and a SysV init script for the
140 same service name, and the user executes "systemctl enable"
141 for it (or a related call), then this will now enable both
142 (or execute the related operation on both), not just the
143 unit.
144
145 * The libudev API documentation has been converted from gtkdoc
146 into man pages.
147
148 * gudev has been removed from the systemd tree, it is now an
149 external project.
150
151 * The systemd-cgtop tool learnt a new --raw switch to generate
0aee49d5 152 "raw" (machine parsable) output.
470e72d4
LP
153
154 * networkd's IPForwarding= .network file setting learnt the
155 new setting "kernel", which ensures that networkd does not
156 change the IP forwarding sysctl from the default kernel
157 state.
158
159 * The systemd-logind bus API now exposes a new boolean
160 property "Docked" that reports whether logind considers the
161 system "docked", i.e. connected to a docking station or not.
162
163 Contributions from: Alex Crawford, Andreas Pokorny, Andrei
164 Borzenkov, Charles Duffy, Colin Guthrie, Cristian Rodríguez,
165 Daniele Medri, Daniel Hahler, Daniel Mack, David Herrmann,
166 David Mohr, Dimitri John Ledkov, Djalal Harouni, dslul, Ed
167 Swierk, Eric Cook, Filipe Brandenburger, Gianpaolo Macario,
168 Harald Hoyer, Iago López Galeiras, Igor Vuk, Jan Synacek,
169 Jason Pleau, Jason S. McMullan, Jean Delvare, Jeff Huang,
170 Jonathan Boulle, Karel Zak, Kay Sievers, kloun, Lennart
171 Poettering, Marc-Antoine Perennou, Marcel Holtmann, Mario
172 Limonciello, Martin Pitt, Michael Biebl, Michael Olbrich,
173 Michal Schmidt, Mike Gilbert, Nick Owens, Pablo Lezaeta Reyes,
b912e251
LP
174 Patrick Donnelly, Pavel Odvody, Peter Hutterer, Philip
175 Withnall, Ronny Chevalier, Simon McVittie, Susant Sahani,
176 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Torstein
177 Husebø, Umut Tezduyar Lindskog, Viktar Vauchkevich, Werner
178 Fink, Zbigniew Jędrzejewski-Szmek
470e72d4 179
b912e251 180 -- Berlin, 2015-06-19
0f0467e6 181
481a0aa2
LP
182 CHANGES WITH 220:
183
f7a73a25
DH
184 * The gudev library has been extracted into a separate repository
185 available at: https://git.gnome.org/browse/libgudev/
186 It is now managed as part of the Gnome project. Distributions
187 are recommended to pass --disable-gudev to systemd and use
188 gudev from the Gnome project instead. gudev is still included
189 in systemd, for now. It will be removed soon, though. Please
190 also see the announcement-thread on systemd-devel:
191 http://lists.freedesktop.org/archives/systemd-devel/2015-May/032070.html
192
481a0aa2
LP
193 * systemd now exposes a CPUUsageNSec= property for each
194 service unit on the bus, that contains the overall consumed
195 CPU time of a service (the sum of what each process of the
196 service consumed). This value is only available if
197 CPUAccounting= is turned on for a service, and is then shown
198 in the "systemctl status" output.
199
200 * Support for configuring alternative mappings of the old SysV
201 runlevels to systemd targets has been removed. They are now
29d1fcb4 202 hardcoded in a way that runlevels 2, 3, 4 all map to
481a0aa2
LP
203 multi-user.target and 5 to graphical.target (which
204 previously was already the default behaviour).
205
206 * The auto-mounter logic gained support for mount point
207 expiry, using a new TimeoutIdleSec= setting in .automount
208 units. (Also available as x-systemd.idle-timeout= in /etc/fstab).
209
210 * The EFI System Partition (ESP) as mounted to /boot by
211 systemd-efi-boot-generator will now be unmounted
29d1fcb4 212 automatically after 2 minutes of not being used. This should
481a0aa2
LP
213 minimize the risk of ESP corruptions.
214
215 * New /etc/fstab options x-systemd.requires= and
216 x-systemd.requires-mounts-for= are now supported to express
217 additional dependencies for mounts. This is useful for
218 journalling file systems that support external journal
219 devices or overlay file systems that require underlying file
220 systems to be mounted.
221
222 * systemd does not support direct live-upgrades (via systemctl
223 daemon-reexec) from versions older than v44 anymore. As no
224 distribution we are aware of shipped such old versions in a
225 stable release this should not be problematic.
226
227 * When systemd forks off a new per-connection service instance
228 it will now set the $REMOTE_ADDR environment variable to the
229 remote IP address, and $REMOTE_PORT environment variable to
230 the remote IP port. This behaviour is similar to the
231 corresponding environment variables defined by CGI.
232
233 * systemd-networkd gained support for uplink failure
234 detection. The BindCarrier= option allows binding interface
235 configuration dynamically to the link sense of other
236 interfaces. This is useful to achieve behaviour like in
237 network switches.
238
239 * systemd-networkd gained support for configuring the DHCP
240 client identifier to use when requesting leases.
241
242 * systemd-networkd now has a per-network UseNTP= option to
243 configure whether NTP server information acquired via DHCP
244 is passed on to services like systemd-timesyncd.
245
246 * systemd-networkd gained support for vti6 tunnels.
247
1579dd2c
LP
248 * Note that systemd-networkd manages the sysctl variable
249 /proc/sys/net/ipv[46]/conf/*/forwarding for each interface
250 it is configured for since v219. The variable controls IP
251 forwarding, and is a per-interface alternative to the global
252 /proc/sys/net/ipv[46]/ip_forward. This setting is
253 configurable in the IPForward= option, which defaults to
254 "no". This means if networkd is used for an interface it is
255 no longer sufficient to set the global sysctl option to turn
256 on IP forwarding! Instead, the .network file option
257 IPForward= needs to be turned on! Note that the
258 implementation of this behaviour was broken in v219 and has
259 been fixed in v220.
260
481a0aa2
LP
261 * Many bonding and vxlan options are now configurable in
262 systemd-networkd.
263
264 * systemd-nspawn gained a new --property= setting to set unit
265 properties for the container scope. This is useful for
266 setting resource parameters (e.g. "CPUShares=500") on
267 containers started from the command line.
268
269 * systemd-nspawn gained a new --private-users= switch to make
270 use of user namespacing available on recent Linux kernels.
271
272 * systemd-nspawn may now be called as part of a shell pipeline
273 in which case the pipes used for stdin and stdout are passed
274 directly to the process invoked in the container, without
275 indirection via a pseudo tty.
276
277 * systemd-nspawn gained a new switch to control the UNIX
278 signal to use when killing the init process of the container
279 when shutting down.
280
281 * systemd-nspawn gained a new --overlay= switch for mounting
282 overlay file systems into the container using the new kernel
283 overlayfs support.
284
285 * When a container image is imported via systemd-importd and
286 the host file system is not btrfs, a loopback block device
287 file is created in /var/lib/machines.raw with a btrfs file
288 system inside. It is then mounted to /var/lib/machines to
289 enable btrfs features for container management. The loopback
290 file and btrfs file system are grown as needed when container
291 images are imported via systemd-importd.
292
293 * systemd-machined/systemd-importd gained support for btrfs
294 quota, to enforce container disk space limits on disk. This
295 is exposed in "machinectl set-limit".
296
297 * systemd-importd now can import containers from local .tar,
298 .raw and .qcow2 images, and export them to .tar and .raw. It
299 can also import dkr v2 images now from the network (on top
300 of v1 as before).
301
302 * systemd-importd gained support for verifying downloaded
303 images with gpg2 (previously only gpg1 was supported).
304
305 * systemd-machined, systemd-logind, systemd: most bus calls
306 are now accessible to unprivileged processes via
307 PolicyKit. Also, systemd-logind will now allow users to kill
308 their own sessions without further privileges or
309 authorization.
310
311 * systemd-shutdownd has been removed. This service was
312 previously responsible for implementing scheduled shutdowns
313 as exposed in /usr/bin/shutdown's time parameter. This
314 functionality has now been moved into systemd-logind and is
315 accessible via a bus interface.
316
317 * "systemctl reboot" gained a new switch --firmware-setup that
318 can be used to reboot into the EFI firmware setup, if that
319 is available. systemd-logind now exposes an API on the bus
320 to trigger such reboots, in case graphical desktop UIs want
321 to cover this functionality.
322
323 * "systemctl enable", "systemctl disable" and "systemctl mask"
1579dd2c 324 now support a new "--now" switch. If specified the units
481a0aa2
LP
325 that are enabled will also be started, and the ones
326 disabled/masked also stopped.
327
328 * The Gummiboot EFI boot loader tool has been merged into
1a2d5fbe
DH
329 systemd, and renamed to "systemd-boot". The bootctl tool has been
330 updated to support systemd-boot.
481a0aa2
LP
331
332 * An EFI kernel stub has been added that may be used to create
333 kernel EFI binaries that contain not only the actual kernel,
334 but also an initrd, boot splash, command line and OS release
335 information. This combined binary can then be signed as a
336 single image, so that the firmware can verify it all in one
1a2d5fbe 337 step. systemd-boot has special support for EFI binaries created
481a0aa2
LP
338 like this and can extract OS release information from them
339 and show them in the boot menu. This functionality is useful
340 to implement cryptographically verified boot schemes.
341
342 * Optional support has been added to systemd-fsck to pass
343 fsck's progress report to an AF_UNIX socket in the file
344 system.
345
346 * udev will no longer create device symlinks for all block
347 devices by default. A blacklist for excluding special block
348 devices from this logic has been turned into a whitelist
349 that requires picking block devices explicitly that require
350 device symlinks.
351
352 * A new (currently still internal) API sd-device.h has been
353 added to libsystemd. This modernized API is supposed to
354 replace libudev eventually. In fact, already much of libudev
355 is now just a wrapper around sd-device.h.
356
357 * A new hwdb database for storing metadata about pointing
358 stick devices has been added.
359
360 * systemd-tmpfiles gained support for setting file attributes
361 similar to the "chattr" tool with new 'h' and 'H' lines.
362
363 * systemd-journald will no longer unconditionally set the
364 btrfs NOCOW flag on new journal files. This is instead done
365 with tmpfiles snippet using the new 'h' line type. This
366 allows easy disabling of this logic, by masking the
367 journal-nocow.conf tmpfiles file.
368
369 * systemd-journald will now translate audit message types to
370 human readable identifiers when writing them to the
371 journal. This should improve readability of audit messages.
372
373 * The LUKS logic gained support for the offset= and skip=
374 options in /etc/crypttab, as previously implemented by
375 Debian.
376
377 * /usr/lib/os-release gained a new optional field VARIANT= for
378 distributions that support multiple variants (such as a
379 desktop edition, a server edition, ...)
380
381 Contributions from: Aaro Koskinen, Adam Goode, Alban Crequy,
382 Alberto Fanjul Alonso, Alexander Sverdlin, Alex Puchades, Alin
383 Rauta, Alison Chaiken, Andrew Jones, Arend van Spriel,
384 Benedikt Morbach, Benjamin Franzke, Benjamin Tissoires, Blaž
385 Tomažič, Chris Morgan, Chris Morin, Colin Walters, Cristian
386 Rodríguez, Daniel Buch, Daniel Drake, Daniele Medri, Daniel
387 Mack, Daniel Mustieles, daurnimator, Davide Bettio, David
388 Herrmann, David Strauss, Didier Roche, Dimitri John Ledkov,
389 Eric Cook, Gavin Li, Goffredo Baroncelli, Hannes Reinecke,
390 Hans de Goede, Hans-Peter Deifel, Harald Hoyer, Iago López
391 Galeiras, Ivan Shapovalov, Jan Engelhardt, Jan Janssen, Jan
392 Pazdziora, Jan Synacek, Jasper St. Pierre, Jay Faulkner, John
393 Paul Adrian Glaubitz, Jonathon Gilbert, Karel Zak, Kay
394 Sievers, Koen Kooi, Lennart Poettering, Lubomir Rintel, Lucas
395 De Marchi, Lukas Nykryn, Lukas Rusak, Lukasz Skalski, Łukasz
396 Stelmach, Mantas Mikulėnas, Marc-Antoine Perennou, Marcel
397 Holtmann, Martin Pitt, Mathieu Chevrier, Matthew Garrett,
398 Michael Biebl, Michael Marineau, Michael Olbrich, Michal
399 Schmidt, Michal Sekletar, Mirco Tischler, Nir Soffer, Patrik
400 Flykt, Pavel Odvody, Peter Hutterer, Peter Lemenkov, Peter
401 Waller, Piotr Drąg, Raul Gutierrez S, Richard Maw, Ronny
402 Chevalier, Ross Burton, Sebastian Rasmussen, Sergey Ptashnick,
403 Seth Jennings, Shawn Landden, Simon Farnsworth, Stefan Junker,
404 Stephen Gallagher, Susant Sahani, Sylvain Plantefève, Thomas
405 Haller, Thomas Hindoe Paaboel Andersen, Tobias Hunger, Tom
406 Gundersen, Torstein Husebø, Umut Tezduyar Lindskog, Will
407 Woods, Zachary Cook, Zbigniew Jędrzejewski-Szmek
408
39315f9f 409 -- Berlin, 2015-05-22
481a0aa2 410
615aaf41
LP
411 CHANGES WITH 219:
412
615aaf41
LP
413 * Introduce a new API "sd-hwdb.h" for querying the hardware
414 metadata database. With this minimal interface one can query
415 and enumerate the udev hwdb, decoupled from the old libudev
416 library. libudev's interface for this is now only a wrapper
417 around sd-hwdb. A new tool systemd-hwdb has been added to
418 interface with and update the database.
419
420 * When any of systemd's tools copies files (for example due to
421 tmpfiles' C lines) a btrfs reflink will be attempted first,
422 before bytewise copying is done.
423
424 * systemd-nspawn gained a new --ephemeral switch. When
425 specified a btrfs snapshot is taken of the container's root
426 directory, and immediately removed when the container
427 terminates again. Thus, a container can be started whose
428 changes never alter the container's root directory, and are
429 lost on container termination. This switch can also be used
430 for starting a container off the root file system of the
431 host without affecting the host OS. This switch is only
432 available on btrfs file systems.
433
434 * systemd-nspawn gained a new --template= switch. It takes the
435 path to a container tree to use as template for the tree
7edecf21 436 specified via --directory=, should that directory be
615aaf41
LP
437 missing. This allows instantiating containers dynamically,
438 on first run. This switch is only available on btrfs file
439 systems.
440
441 * When a .mount unit refers to a mount point on which multiple
442 mounts are stacked, and the .mount unit is stopped all of
443 the stacked mount points will now be unmounted until no
444 mount point remains.
445
446 * systemd now has an explicit notion of supported and
447 unsupported unit types. Jobs enqueued for unsupported unit
448 types will now fail with an "unsupported" error code. More
449 specifically .swap, .automount and .device units are not
450 supported in containers, .busname units are not supported on
451 non-kdbus systems. .swap and .automount are also not
452 supported if their respective kernel compile time options
453 are disabled.
454
455 * machinectl gained support for two new "copy-from" and
456 "copy-to" commands for copying files from a running
457 container to the host or vice versa.
458
459 * machinectl gained support for a new "bind" command to bind
460 mount host directories into local containers. This is
461 currently only supported for nspawn containers.
462
463 * networkd gained support for configuring bridge forwarding
464 database entries (fdb) from .network files.
465
466 * A new tiny daemon "systemd-importd" has been added that can
467 download container images in tar, raw, qcow2 or dkr formats,
468 and make them available locally in /var/lib/machines, so
469 that they can run as nspawn containers. The daemon can GPG
470 verify the downloads (not supported for dkr, since it has no
471 provisions for verifying downloads). It will transparently
472 decompress bz2, xz, gzip compressed downloads if necessary,
473 and restore sparse files on disk. The daemon uses privilege
474 separation to ensure the actual download logic runs with
475 fewer privileges than the daemon itself. machinectl has
476 gained new commands "pull-tar", "pull-raw" and "pull-dkr" to
477 make the functionality of importd available to the
478 user. With this in place the Fedora and Ubuntu "Cloud"
479 images can be downloaded and booted as containers unmodified
480 (the Fedora images lack the appropriate GPG signature files
481 currently, so they cannot be verified, but this will change
482 soon, hopefully). Note that downloading images is currently
483 only fully supported on btrfs.
484
485 * machinectl is now able to list container images found in
486 /var/lib/machines, along with some metadata about sizes of
487 disk and similar. If the directory is located on btrfs and
488 quota is enabled, this includes quota display. A new command
489 "image-status" has been added that shows additional
490 information about images.
491
492 * machinectl is now able to clone container images
493 efficiently, if the underlying file system (btrfs) supports
494 it, with the new "machinectl list-images" command. It also
495 gained commands for renaming and removing images, as well as
496 marking them read-only or read-write (supported also on
497 legacy file systems).
498
499 * networkd gained support for collecting LLDP network
500 announcements, from hardware that supports this. This is
501 shown in networkctl output.
502
503 * systemd-run gained support for a new -t (--pty) switch for
504 invoking a binary on a pty whose input and output is
505 connected to the invoking terminal. This allows executing
506 processes as system services while interactively
507 communicating with them via the terminal. Most interestingly
508 this is supported across container boundaries. Invoking
509 "systemd-run -t /bin/bash" is an alternative to running a
510 full login session, the difference being that the former
511 will not register a session, nor go through the PAM session
512 setup.
513
514 * tmpfiles gained support for a new "v" line type for creating
515 btrfs subvolumes. If the underlying file system is a legacy
516 file system, this automatically degrades to creating a
517 normal directory. Among others /var/lib/machines is now
518 created like this at boot, should it be missing.
519
520 * The directory /var/lib/containers/ has been deprecated and
521 been replaced by /var/lib/machines. The term "machines" has
522 been used in the systemd context as generic term for both
523 VMs and containers, and hence appears more appropriate for
524 this, as the directory can also contain raw images bootable
525 via qemu/kvm.
526
527 * systemd-nspawn when invoked with -M but without --directory=
528 or --image= is now capable of searching for the container
529 root directory, subvolume or disk image automatically, in
530 /var/lib/machines. systemd-nspawn@.service has been updated
531 to make use of this, thus allowing it to be used for raw
532 disk images, too.
533
534 * A new machines.target unit has been introduced that is
535 supposed to group all containers/VMs invoked as services on
536 the system. systemd-nspawn@.service has been updated to
537 integrate with that.
538
539 * machinectl gained a new "start" command, for invoking a
540 container as a service. "machinectl start foo" is mostly
541 equivalent to "systemctl start systemd-nspawn@foo.service",
542 but handles escaping in a nicer way.
543
544 * systemd-nspawn will now mount most of the cgroupfs tree
545 read-only into each container, with the exception of the
546 container's own subtree in the name=systemd hierarchy.
547
548 * journald now sets the special FS_NOCOW file flag for its
549 journal files. This should improve performance on btrfs, by
550 avoiding heavy fragmentation when journald's write-pattern
551 is used on COW file systems. It degrades btrfs' data
552 integrity guarantees for the files to the same levels as for
553 ext3/ext4 however. This should be OK though as journald does
554 its own data integrity checks and all its objects are
555 checksummed on disk. Also, journald should handle btrfs disk
556 full events a lot more gracefully now, by processing SIGBUS
557 errors, and not relying on fallocate() anymore.
558
559 * When journald detects that journal files it is writing to
560 have been deleted it will immediately start new journal
561 files.
562
563 * systemd now provides a way to store file descriptors
564 per-service in PID 1. This is useful for daemons to ensure
565 that fds they require are not lost during a daemon
566 restart. The fds are passed to the daemon on the next
567 invocation in the same way socket activation fds are
568 passed. This is now used by journald to ensure that the
569 various sockets connected to all the system's stdout/stderr
570 are not lost when journald is restarted. File descriptors
571 may be stored in PID 1 via the sd_pid_notify_with_fds() API,
572 an extension to sd_notify(). Note that a limit is enforced
573 on the number of fds a service can store in PID 1, and it
574 defaults to 0, so that no fds may be stored, unless this is
575 explicitly turned on.
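
What storing a file descriptor amounts to on the wire: a notification datagram carrying FDSTORE=1 with the fd attached as SCM_RIGHTS ancillary data. This is an added illustration in C, not code from systemd; a socketpair stands in for $NOTIFY_SOCKET, fdstore_receive() and its store_max argument are hypothetical stand-ins for PID 1 and its per-service limit, and a real service would call sd_pid_notify_with_fds() instead of building the message by hand.

```c
/* Added example: the FDSTORE=1 hand-off, sketched with a socketpair.
 * Not systemd code; fdstore_receive() only imitates the manager side. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Service side: send "FDSTORE=1" with one fd attached as SCM_RIGHTS. */
int fdstore_push(int notify_sock, int fd)
{
    char state[] = "FDSTORE=1";
    struct iovec iov = { .iov_base = state, .iov_len = strlen(state) };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    memset(&ctl, 0, sizeof ctl);
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf,
                         .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&mh);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(notify_sock, &mh, MSG_NOSIGNAL) < 0 ? -1 : 0;
}

/* Manager stand-in: keep the fd only if the datagram asks for storage and
 * the per-service budget is not used up. With store_max == 0 (the default
 * described above) nothing is ever kept. Handles one fd per message and
 * treats the whole datagram as a single assignment, which is a simplification.
 * Returns the received fd, or -1. */
int fdstore_receive(int sock, unsigned stored, unsigned store_max)
{
    char state[64] = { 0 };
    struct iovec iov = { .iov_base = state, .iov_len = sizeof state - 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    memset(&ctl, 0, sizeof ctl);
    struct msghdr mh = { .msg_iov = &iov, .msg_iovlen = 1,
                         .msg_control = ctl.buf,
                         .msg_controllen = sizeof ctl.buf };
    if (recvmsg(sock, &mh, MSG_CMSG_CLOEXEC) < 0) return -1;

    int fd = -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&mh); c; c = CMSG_NXTHDR(&mh, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(&fd, CMSG_DATA(c), sizeof(int));
    if (fd < 0) return -1;
    if (strcmp(state, "FDSTORE=1") != 0 || stored >= store_max) {
        close(fd);   /* not a store request, or over the limit: do not hold on to it */
        return -1;
    }
    return fd;
}

/* Constructed demo: a pipe holds 5 bytes of "state", the service pushes the
 * read end and then loses its own copy; returns 1 if the data is still
 * readable through the fd the manager stand-in kept, 0 otherwise. */
int demo_roundtrip(unsigned store_max)
{
    int sv[2], p[2], ok = 0;
    char buf[8] = { 0 };
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return 0;
    if (pipe(p) < 0) { close(sv[0]); close(sv[1]); return 0; }
    if (write(p[1], "state", 5) == 5 && fdstore_push(sv[0], p[0]) == 0) {
        close(p[0]);                 /* the service goes away: its copy is gone */
        p[0] = -1;
        int kept = fdstore_receive(sv[1], 0, store_max);
        if (kept >= 0) {
            ok = read(kept, buf, 5) == 5 && memcmp(buf, "state", 5) == 0;
            close(kept);
        }
    }
    if (p[0] >= 0) close(p[0]);
    close(p[1]); close(sv[0]); close(sv[1]);
    return ok;
}

int main(void)
{
    printf("limit 1: kept=%d, limit 0: kept=%d\n",
           demo_roundtrip(1), demo_roundtrip(0));
    return 0;
}
```
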
576
577 * The default TERM variable to use for units connected to a
578 terminal, when no other value is explicitly set, is now
579 vt220 rather than vt102. This should be fairly safe still,
580 but allows PgUp/PgDn to work.
581
582 * The /etc/crypttab option header= as known from Debian is now
583 supported.
584
585 * "loginctl user-status" and "loginctl session-status" will
586 now show the last 10 lines of log messages of the
587 user/session following the status output. Similarly,
588 "machinectl status" will show the last 10 log lines
589 associated with a virtual machine or container
590 service. (Note that this is usually not the log messages
591 done in the VM/container itself, but simply what the
592 container manager logs. For nspawn this includes all console
593 output however.)
594
595 * "loginctl session-status" without further argument will now
596 show the status of the session of the caller. Similarly,
597 "lock-session", "unlock-session", "activate",
598 "enable-linger", "disable-linger" may now be called without
599 session/user parameter in which case they apply to the
600 caller's session/user.
601
602 * An X11 session scriptlet is now shipped that uploads
603 $DISPLAY and $XAUTHORITY into the environment of the systemd
604 --user daemon if a session begins. This should improve
605 compatibility with X11 enabled applications run as systemd
606 user services.
607
608 * Generators are now subject to masking via /etc and /run, the
609 same way as unit files.
610
611 * networkd .network files gained support for configuring
612 per-link IPv4/IPv6 packet forwarding as well as IPv4
613 masquerading. This is by default turned on for veth links to
614 containers, as registered by systemd-nspawn. This means that
615 nspawn containers run with --network-veth will now get
616 automatic routed access to the host's networks without any
617 further configuration or setup, as long as networkd runs on
618 the host.
619
620 * systemd-nspawn gained the --port= (-p) switch to expose TCP
621 or UDP ports of a container on the host. With this in place
622 it is possible to run containers with private veth links
623 (--network-veth), and have their functionality exposed on
624 the host as if their services were running directly on the
625 host.
626
dd2fd155 627 * systemd-nspawn's --network-veth switch now gained a short
615aaf41
LP
628 version "-n", since with the changes above it is now truly
629 useful out-of-the-box. The systemd-nspawn@.service has been
630 updated to make use of it too by default.
631
632 * systemd-nspawn will now maintain a per-image R/W lock, to
633 ensure that the same image is not started more than once
634 writable. (It's OK to run an image multiple times
635 simultaneously in read-only mode.)
636
637 * systemd-nspawn's --image= option is now capable of
638 dissecting and booting MBR and GPT disk images that contain
639 only a single active Linux partition. Previously it
640 supported only GPT disk images with proper GPT type
641 IDs. This allows running cloud images from major
642 distributions directly with systemd-nspawn, without
643 modification.
644
645 * In addition to collecting mouse dpi data in the udev
646 hardware database, there's now support for collecting angle
647 information for mouse scroll wheels. The database is
7edecf21 648 supposed to guarantee similar scrolling behavior on mice
615aaf41
LP
649 that it knows about. There's also support for collecting
650 information about Touchpad types.
651
652 * udev's input_id built-in will now also collect touch screen
653 dimension data and attach it to probed devices.
654
655 * /etc/os-release gained support for a Distribution Privacy
656 Policy link field.
657
658 * networkd gained support for creating "ipvlan", "gretap",
659 "ip6gre", "ip6gretap" and "ip6tnl" network devices.
660
661 * systemd-tmpfiles gained support for "a" lines for setting
662 ACLs on files.
663
664 * systemd-nspawn will now mount /tmp in the container to
665 tmpfs, automatically.
666
667 * systemd now exposes the memory.usage_in_bytes cgroup
668 attribute and shows it for each service in the "systemctl
669 status" output, if available.
670
671 * When the user presses Ctrl-Alt-Del more than 7x within 2s an
672 immediate reboot is triggered. This is useful if shutdown is
673 hung and is unable to complete, to expedite the
674 operation. Note that this kind of reboot will still unmount
675 all file systems, and hence should not result in fsck being
676 run on next reboot.
677
678 * A .device unit for an optical block device will now be
679 considered active only when a medium is in the drive. Also,
680 mount units are now bound to their backing devices thus
681 triggering automatic unmounting when devices become
682 unavailable. With this in place systemd will now
683 automatically unmount left-over mounts when a CD-ROM is
684 ejected or a USB stick is yanked from the system.
685
686 * networkd-wait-online now has support for waiting for
687 specific interfaces only (with globbing), and for giving up
688 after a configurable timeout.
689
690 * networkd now exits when idle. It will be automatically
691 restarted as soon as interfaces show up, are removed or
692 change state. networkd will stay around as long as there is
693 at least one DHCP state machine or similar around that keeps
694 it non-idle.
695
696 * networkd may now configure IPv6 link-local addressing in
697 addition to IPv4 link-local addressing.
698
699 * The IPv6 "token" for use in SLAAC may now be configured for
700 each .network interface in networkd.
701
702 * Routes configured with networkd may now be assigned a scope
703 in .network files.
704
705 * networkd's [Match] sections now support globbing and lists
706 of multiple space-separated matches per item.
707
11ea2781 708 Contributions from: Alban Crequy, Alin Rauta, Andrey Chaser,
d2c643c6
LP
709 Bastien Nocera, Bruno Bottazzini, Carlos Garnacho, Carlos
710 Morata Castillo, Chris Atkinson, Chris J. Arges, Christian
711 Kirbach, Christian Seiler, Christoph Brill, Colin Guthrie,
712 Colin Walters, Cristian Rodríguez, Daniele Medri, Daniel Mack,
713 Dave Reisner, David Herrmann, Djalal Harouni, Erik Auerswald,
714 Filipe Brandenburger, Frank Theile, Gabor Kelemen, Gabriel de
715 Perthuis, Harald Hoyer, Hui Wang, Ivan Shapovalov, Jan
716 Engelhardt, Jan Synacek, Jay Faulkner, Johannes Hölzl, Jonas
717 Ådahl, Jonathan Boulle, Josef Andersson, Kay Sievers, Ken
718 Werner, Lennart Poettering, Lucas De Marchi, Lukas Märdian,
719 Lukas Nykryn, Lukasz Skalski, Luke Shumaker, Mantas Mikulėnas,
720 Manuel Mendez, Marcel Holtmann, Marc Schmitzer, Marko
721 Myllynen, Martin Pitt, Maxim Mikityanskiy, Michael Biebl,
722 Michael Marineau, Michael Olbrich, Michal Schmidt, Mindaugas
11ea2781
LP
723 Baranauskas, Moez Bouhlel, Naveen Kumar, Patrik Flykt, Paul
724 Martin, Peter Hutterer, Peter Mattern, Philippe De Swert,
725 Piotr Drąg, Rafael Ferreira, Rami Rosen, Robert Milasan, Ronny
726 Chevalier, Sangjung Woo, Sebastien Bacher, Sergey Ptashnick,
727 Shawn Landden, Stéphane Graber, Susant Sahani, Sylvain
728 Plantefève, Thomas Hindoe Paaboel Andersen, Tim JP, Tom
729 Gundersen, Topi Miettinen, Torstein Husebø, Umut Tezduyar
d2c643c6
LP
730 Lindskog, Veres Lajos, Vincent Batts, WaLyong Cho, Wieland
731 Hoffmann, Zbigniew Jędrzejewski-Szmek
11ea2781 732
d2c643c6 733 -- Berlin, 2015-02-16
11ea2781 734
d4f5a1f4
DH
735CHANGES WITH 218:
736
f9e00a9f
LP
737 * When querying unit file enablement status (for example via
738 "systemctl is-enabled"), a new state "indirect" is now known
739 which indicates that a unit might not be enabled itself, but
740 another unit listed in its Alias= setting might be.
741
742 * Similar to the various existing ConditionXYZ= settings for
743 units there are now matching AssertXYZ= settings. While
744 failing conditions cause a unit to be skipped, and its job
745 to succeed, failing assertions declared like this will cause
746 a unit start operation and its job to fail.
747
748 * hostnamed now knows a new chassis type "embedded".
749
750 * systemctl gained a new "edit" command. When used on a unit
751 file this allows extending unit files with .d/ drop-in
752 configuration snippets or editing the full file (after
753 copying it from /usr/lib to /etc). This will invoke the
754 user's editor (as configured with $EDITOR), and reload the
755 modified configuration after editing.
756
757 * "systemctl status" now shows the suggested enablement state
758 for a unit, as declared in the (usually vendor-supplied)
759 system preset files.
760
761 * nss-myhostname will now resolve the single-label host name
762 "gateway" to the locally configured default IP routing
763 gateways, ordered by their metrics. This assigns a stable
764 name to the used gateways, regardless of which ones are
765 currently configured. Note that the name will only be
766 resolved after all other name sources (if nss-myhostname is
767 configured properly) and should hence not negatively impact
768 systems that use the single-label host name "gateway" in
769 other contexts.
770
771 * systemd-inhibit now allows filtering by mode when listing
772 inhibitors.
773
122676c9
LP
774 * Scope and service units gained a new "Delegate" boolean
775 property, which when set allows processes running inside the
776 unit to further partition resources. This is primarily
777 useful for systemd user instances as well as container
778 managers.
f9e00a9f
LP
779
780 * journald will now pick up audit messages directly from
781 the kernel, and log them like any other log message. The
782 audit fields are split up and fully indexed. This means that
783 journalctl in many ways is now a (nicer!) alternative to
784 ausearch, the traditional audit client. Note that this
785 implements only a minimal audit client, if you want the
786 special audit modes like reboot-on-log-overflow, please use
787 the traditional auditd instead, which can be used in
788 parallel to journald.
789
790 * The ConditionSecurity= unit file option now understands the
791 special string "audit" to check whether auditing is
792 available.
793
794 * journalctl gained two new commands --vacuum-size= and
795 --vacuum-time= to delete old journal files until the
796 remaining ones take up no more than the specified size on disk,
797 or are not older than the specified time.
798
799 * A new, native PPPoE library has been added to sd-network,
800 systemd's library of light-weight networking protocols. This
801 library will be used in a future version of networkd to
802 enable PPPoE communication without an external pppd daemon.
803
804 * The busctl tool now understands a new "capture" verb that
805 works similarly to "monitor", but writes a packet capture
806 trace to STDOUT that can be redirected to a file which is
807 compatible with libpcap's capture file format. This can then
808 be loaded in Wireshark and similar tools to inspect bus
809 communication.
810
811 * The busctl tool now understands a new "tree" verb that shows
812 the object trees of a specific service on the bus, or of all
813 services.
814
815 * The busctl tool now understands a new "introspect" verb that
816 shows all interfaces and members of objects on the bus,
817 including their signature and values. This is particularly
818 useful to get more information about bus objects shown by
819 the new "busctl tree" command.
820
821 * The busctl tool now understands new verbs "call",
822 "set-property" and "get-property" for invoking bus method
823 calls, setting and getting bus object properties in a
824 friendly way.
825
826 * busctl gained a new --augment-creds= argument that controls
827 whether the tool shall augment credential information it
828 gets from the bus with data from /proc, in a possibly
829 race-ful way.
830
831 * nspawn's --link-journal= switch gained two new values
832 "try-guest" and "try-host" that work like "guest" and
17c29493 833 "host", but do not fail if the host has no persistent
f9e00a9f
LP
834 journalling enabled. -j is now equivalent to
835 --link-journal=try-guest.
836
837 * macvlan network devices created by nspawn will now have
838 stable MAC addresses.
839
840 * A new SmackProcessLabel= unit setting has been added, which
841 controls the SMACK security label processes forked off by
842 the respective unit shall use.
843
d4f5a1f4
DH
844 * If compiled with --enable-xkbcommon, systemd-localed will
845 verify x11 keymap settings by compiling the given keymap. It
846 will spew out warnings if the compilation fails. This
847 requires libxkbcommon to be installed.
848
f9e00a9f
LP
849 * When a coredump is collected a larger number of metadata
850 fields is now collected and included in the journal records
851 created for it. More specifically control group membership,
852 environment variables, memory maps, working directory,
853 chroot directory, /proc/$PID/status, and a list of open file
854 descriptors are now stored in the log entry.
855
17c29493 856 * The udev hwdb now contains DPI information for mice. For
f9e00a9f
LP
857 details see:
858
859 http://who-t.blogspot.de/2014/12/building-a-dpi-database-for-mice.html
860
861 * All systemd programs that read standalone configuration
862 files in /etc now also support a corresponding series of
997b2b43
JT
863 .conf.d configuration directories in /etc/, /run/,
864 /usr/local/lib/, /usr/lib/, and (if configured with
865 --enable-split-usr) /lib/. In particular, the following
866 configuration files now have corresponding configuration
867 directories: system.conf, user.conf, logind.conf,
868 journald.conf, sleep.conf, bootchart.conf, coredump.conf,
869 resolved.conf, timesyncd.conf, journal-remote.conf, and
870 journal-upload.conf. Note that distributions should use the
871 configuration directories in /usr/lib/; the directories in
872 /etc/ are reserved for the system administrator.
873
f9e00a9f
LP
874 * systemd-rfkill will no longer take the rfkill device name
875 into account when storing rfkill state on disk, as the name
876 might be dynamically assigned and not stable. Instead, the
877 ID_PATH udev variable combined with the rfkill type (wlan,
878 bluetooth, ...) is used.
879
880 * A new service systemd-machine-id-commit.service has been
881 added. When used on systems where /etc is read-only during
882 boot, and /etc/machine-id is not initialized (but an empty
883 file), this service will copy the temporary machine ID
884 created as replacement into /etc after the system is fully
885 booted up. This is useful for systems that are freshly
886 installed with a non-initialized machine ID, but should get
887 a fixed machine ID for subsequent boots.
888
889 * networkd's .netdev files now provide a large set of
890 configuration parameters for VXLAN devices. Similarly, the
891 bridge port cost parameter is now configurable in .network
892 files. There's also new support for configuring IP source
893 routing. networkd .link files gained support for a new
894 OriginalName= match that is useful to match against the
895 original interface name the kernel assigned. .network files
896 may include MTU= and MACAddress= fields for altering the MTU
897 and MAC address while being connected to a specific network
898 interface.
899
900 * The LUKS logic gained support for configuring
901 UUID-specific key files. There's also new support for naming
902 LUKS devices from the kernel command line, using the new
903 luks.name= argument.
904
905 * Timer units may now be transiently created via the bus API
906 (this was previously already available for scope and service
907 units). In addition it is now possible to create multiple
908 transient units at the same time with a single bus call. The
909 "systemd-run" tool has been updated to make use of this for
910 running commands at a specified time, in at(1)-style.
911
912 * tmpfiles gained support for "t" lines, for assigning
913 extended attributes to files. Among other uses this may be
914 used to assign SMACK labels to files.
915
13e92f39
LP
916 Contributions from: Alin Rauta, Alison Chaiken, Andrej
917 Manduch, Bastien Nocera, Chris Atkinson, Chris Leech, Chris
918 Mayo, Colin Guthrie, Colin Walters, Cristian Rodríguez,
919 Daniele Medri, Daniel Mack, Dan Williams, Dan Winship, Dave
920 Reisner, David Herrmann, Didier Roche, Felipe Sateler, Gavin
921 Li, Hans de Goede, Harald Hoyer, Iago López Galeiras, Ivan
922 Shapovalov, Jakub Filak, Jan Janssen, Jan Synacek, Joe
923 Lawrence, Josh Triplett, Kay Sievers, Lennart Poettering,
924 Lukas Nykryn, Łukasz Stelmach, Maciej Wereski, Mantas
925 Mikulėnas, Marcel Holtmann, Martin Pitt, Maurizio Lombardi,
926 Michael Biebl, Michael Chapman, Michael Marineau, Michal
7da81d33
LP
927 Schmidt, Michal Sekletar, Olivier Brunel, Patrik Flykt, Peter
928 Hutterer, Przemyslaw Kedzierski, Rami Rosen, Ray Strode,
929 Richard Schütz, Richard W.M. Jones, Ronny Chevalier, Ross
930 Lagerwall, Sean Young, Stanisław Pitucha, Susant Sahani,
931 Thomas Haller, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
932 Torstein Husebø, Umut Tezduyar Lindskog, Vicente Olivert
933 Riera, WaLyong Cho, Wesley Dawson, Zbigniew Jędrzejewski-Szmek
13e92f39
LP
934
935 -- Berlin, 2014-12-10
f9e00a9f 936
b62a309a
ZJS
937CHANGES WITH 217:
938
78b6b7ce
LP
939 * journalctl gained the new options -t/--identifier= to match
940 on the syslog identifier (aka "tag"), as well as --utc to
941 show log timestamps in the UTC timezone. journalctl now also
942 accepts -n/--lines=all to disable line capping in a pager.
b62a309a 943
a65b8245
ZJS
944 * journalctl gained a new switch, --flush, that synchronously
945 flushes logs from /run/log/journal to /var/log/journal if
946 persistent storage is enabled. systemd-journal-flush.service
947 now waits until the operation is complete.
2a97b03b 948
b62a309a
ZJS
949 * Services can notify the manager before they start a reload
950 (by sending RELOADING=1) or shutdown (by sending
4bdc60cb
LP
951 STOPPING=1). This allows the manager to track and show the
952 internal state of daemons and closes a race condition when
78b6b7ce 953 the process is still running but has closed its D-Bus
4bdc60cb 954 connection.
b62a309a 955
78b6b7ce
LP
956 * Services with Type=oneshot do not have to have any ExecStart
957 commands anymore.
b62a309a
ZJS
958
959 * User units are now loaded also from
960 $XDG_RUNTIME_DIR/systemd/user/. This is similar to the
961 /run/systemd/user directory that was already previously
962 supported, but is under the control of the user.
963
4ffd29fd
LP
964 * Job timeouts (i.e. time-outs on the time a job that is
965 queued stays in the run queue) can now optionally result in
966 immediate reboot or power-off actions (JobTimeoutAction= and
967 JobTimeoutRebootArgument=). This is useful on ".target"
968 units, to limit the maximum time a target remains
969 undispatched in the run queue, and to trigger an emergency
970 operation in such a case. This is now used by default to
971 turn off the system if boot-up (as defined by everything in
972 basic.target) hangs and does not complete for at least
973 15min. Also, if power-off or reboot hang for at least 30min
974 an immediate power-off/reboot operation is triggered. This
975 functionality is particularly useful to increase reliability
976 on embedded devices, but also on laptops which might
977 accidentally get powered on when carried in a backpack and
978 whose boot stays stuck in a hard disk encryption passphrase
979 question.
980
b62a309a
ZJS
981 * systemd-logind can be configured to also handle lid switch
982 events even when the machine is docked or multiple displays
983 are attached (HandleLidSwitchDocked= option).
984
985 * A helper binary and a service have been added which can be
986 used to resume from hibernation in the initramfs. A
987 generator will parse the resume= option on the kernel
81c7dd89 988 command line to trigger resume.
b62a309a 989
78b6b7ce
LP
990 * A user console daemon systemd-consoled has been
991 added. Currently, it is a preview, and will so far open a
992 single terminal on each session of the user marked as
09077149 993 Desktop=systemd-console.
b62a309a
ZJS
994
995 * Route metrics can be specified for DHCP routes added by
996 systemd-networkd.
997
ba8df74b 998 * The SELinux context of socket-activated services can be set
78b6b7ce 999 from the information provided by the networking stack
b62a309a
ZJS
1000 (SELinuxContextFromNet= option).
1001
1002 * Userspace firmware loading support has been removed and
1003 the minimum supported kernel version is thus bumped to 3.7.
1004
1005 * Timeout for udev workers has been increased from 1 to 3
1006 minutes, but a warning will be printed after 1 minute to
1007 help diagnose kernel modules that take a long time to load.
1008
78b6b7ce 1009 * Udev rules can now remove tags on devices with TAG-="foobar".
b62a309a 1010
4bdc60cb 1011 * systemd's readahead implementation has been removed. In many
f6d1de85 1012 circumstances it didn't give expected benefits even for
b62a309a 1013 rotational disk drives and was becoming less relevant in the
78b6b7ce
LP
1014 age of SSDs. As none of the developers has been using
1015 rotating media anymore, and nobody stepped up to actively
1016 maintain this component of systemd it has now been removed.
b62a309a 1017
c4ac9900 1018 * Swap units can use Options= to specify discard options.
b62a309a
ZJS
1019 Discard options specified for swaps in /etc/fstab are now
1020 respected.
1021
1022 * Docker containers are now detected as a separate type of
1023 virtualization.
1024
1025 * The Password Agent protocol gained support for queries where
ba8df74b 1026 the user input is shown, useful e.g. for user names.
78b6b7ce
LP
1027 systemd-ask-password gained a new --echo option to turn that
1028 on.
b62a309a 1029
e6c253e3
MS
1030 * The default sysctl.d/ snippets will now set:
1031
1032 net.core.default_qdisc = fq_codel
1033
ba8df74b
KS
1034 This selects Fair Queuing Controlled Delay as the default
1035 queuing discipline for network interfaces. fq_codel helps
e6c253e3
MS
1036 fight the network bufferbloat problem. It is believed to be
1037 a good default with no tuning required for most workloads.
1038 Downstream distributions may override this choice. On 10Gbit
1039 servers that do not do forwarding, "fq" may perform better.
1040 Systems without a good clocksource should use "pfifo_fast".
1041
4bdc60cb
LP
1042 * If kdbus is enabled during build a new option BusPolicy= is
1043 available for service units, that allows locking all service
1044 processes into a stricter bus policy, in order to limit
1045 access to various bus services, or even hide most of them
1046 from the service's view entirely.
1047
1048 * networkctl will now show the .network and .link file
1049 networkd has applied to a specific interface.
1050
1051 * sd-login gained a new API call sd_session_get_desktop() to
1052 query which desktop environment has been selected for a
1053 session.
1054
1055 * UNIX utmp support is now compile-time optional to support
1056 legacy-free systems.
1057
78b6b7ce
LP
1058 * systemctl gained two new commands "add-wants" and
1059 "add-requires" for pulling in units from specific targets
1060 easily.
1061
1062 * If the word "rescue" is specified on the kernel command line
1063 the system will now boot into rescue mode (aka
1064 rescue.target), which was previously available only by
1065 specifying "1" or "systemd.unit=rescue.target" on the kernel
1066 command line. This new kernel command line option nicely
1067 mirrors the already existing "emergency" kernel command line
1068 option.
1069
1070 * New kernel command line options mount.usr=, mount.usrflags=,
d4474c41 1071 mount.usrfstype= have been added that match root=, rootflags=,
78b6b7ce
LP
1072 rootfstype= but allow mounting a specific file system to
1073 /usr.
1074
f6d1de85 1075 * The $NOTIFY_SOCKET is now also passed to control processes of
78b6b7ce
LP
1076 services, not only the main process.
1077
1078 * This version reenables support for fsck's -l switch. This
1079 means at least version v2.25 of util-linux is required for
1080 operation, otherwise dead-locks on device nodes may
1081 occur. Again: you need to update util-linux to at least
1082 v2.25 when updating systemd to v217.
1083
3769415e
TT
1084 * The "multi-seat-x" tool has been removed from systemd, as
1085 its functionality has been integrated into X servers 1.16,
1086 and the tool is hence redundant. It is recommended to update
1087 display managers invoking this tool to simply invoke X
1088 directly from now on, again.
1089
fae9332b
LP
1090 * Support for the new ALLOW_INTERACTIVE_AUTHORIZATION D-Bus
1091 message flag has been added for all of systemd's PolicyKit
1092 authenticated method calls. In particular
1093 this now allows optional interactive authorization via
ba8df74b 1094 PolicyKit for many of PID1's privileged operations such as
fae9332b
LP
1095 unit file enabling and disabling.
1096
cfa1571b
LP
1097 * "udevadm hwdb --update" learnt a new switch "--usr" for
1098 placing the rebuilt hardware database in /usr instead of
1099 /etc. When used only hardware database entries stored in
1100 /usr will be used, and any user database entries in /etc are
1101 ignored. This functionality is useful for vendors to ship a
1102 pre-built database on systems where local configuration is
1103 unnecessary or unlikely.
1104
7e63dd10
LP
1105 * Calendar time specifications in .timer units now also
1106 understand the strings "semi-annually", "quarterly" and
ba8df74b 1107 "minutely" as shortcuts (in addition to the preexisting
7e63dd10
LP
1108 "annually", "hourly", ...).
1109
d4474c41
TG
1110 * systemd-tmpfiles will now correctly create files in /dev
1111 at boot which are marked for creation only at boot. It is
1112 recommended to always create static device nodes with 'c!'
1113 and 'b!', so that they are created only at boot and not
1114 overwritten at runtime.
1115
3b187c5c
LP
1116 * When the watchdog logic is used for a service (WatchdogSec=)
1117 and the watchdog timeout is hit the service will now be
1118 terminated with SIGABRT (instead of just SIGTERM), in order
1119 to make sure a proper coredump and backtrace is
1120 generated. This ensures that hanging services will result in
1121 similar coredump/backtrace behaviour as services that hit a
1122 segmentation fault.
1123
4b08dd87
LP
1124 Contributions from: Andreas Henriksson, Andrei Borzenkov,
1125 Angus Gibson, Ansgar Burchardt, Ben Wolsieffer, Brandon L.
1126 Black, Christian Hesse, Cristian Rodríguez, Daniel Buch,
1127 Daniele Medri, Daniel Mack, Dan Williams, Dave Reisner, David
1128 Herrmann, David Sommerseth, David Strauss, Emil Renner
1129 Berthing, Eric Cook, Evangelos Foutras, Filipe Brandenburger,
1130 Gustavo Sverzut Barbieri, Hans de Goede, Harald Hoyer, Hristo
1131 Venev, Hugo Grostabussiat, Ivan Shapovalov, Jan Janssen, Jan
1132 Synacek, Jonathan Liu, Juho Son, Karel Zak, Kay Sievers, Klaus
1133 Purer, Koen Kooi, Lennart Poettering, Lukas Nykryn, Lukasz
1134 Skalski, Łukasz Stelmach, Mantas Mikulėnas, Marcel Holtmann,
1135 Marius Tessmann, Marko Myllynen, Martin Pitt, Michael Biebl,
1136 Michael Marineau, Michael Olbrich, Michael Scherer, Michal
1137 Schmidt, Michal Sekletar, Miroslav Lichvar, Patrik Flykt,
1138 Philippe De Swert, Piotr Drąg, Rahul Sundaram, Richard
1139 Weinberger, Robert Milasan, Ronny Chevalier, Ruben Kerkhof,
1140 Santiago Vila, Sergey Ptashnick, Simon McVittie, Sjoerd
1141 Simons, Stefan Brüns, Steven Allen, Steven Noonan, Susant
1142 Sahani, Sylvain Plantefève, Thomas Hindoe Paaboel Andersen,
1143 Timofey Titovets, Tobias Hunger, Tom Gundersen, Torstein
1144 Husebø, Umut Tezduyar Lindskog, WaLyong Cho, Zbigniew
13e92f39 1145 Jędrzejewski-Szmek
4b08dd87
LP
1146
1147 -- Berlin, 2014-10-28
1148
b72ddf0f 1149CHANGES WITH 216:
b2ca0d63
LP
1150
1151 * timedated no longer reads NTP implementation unit names from
b72ddf0f 1152 /usr/lib/systemd/ntp-units.d/*.list. Alternative NTP
b2ca0d63
LP
1153 implementations should add a
1154
b72ddf0f 1155 Conflicts=systemd-timesyncd.service
b2ca0d63
LP
1156
1157 to their unit files to take over and replace systemd's NTP
1158 default functionality.
1159
1160 * systemd-sysusers gained a new line type "r" for configuring
1161 which UID/GID ranges to allocate system users/groups
1162 from. Lines of type "u" may now add an additional column
1163 that specifies the home directory for the system user to be
1164 created. Also, systemd-sysusers may now optionally read user
1165 information from STDIN instead of a file. This is useful for
1166 invoking it from RPM preinst scriptlets that need to create
1167 users before the first RPM file is installed since these
1168 files might need to be owned by them. A new
1169 %sysusers_create_inline RPM macro has been introduced to do
1170 just that. systemd-sysusers now updates the shadow files as
1171 well as the user/group databases, which should enhance
1172 compatibility with certain tools like grpck.
1173
1174 * A number of bus APIs of PID 1 now optionally consult
5f02e26c 1175 PolicyKit to permit access for otherwise unprivileged
b2ca0d63
LP
1176 clients under certain conditions. Note that this currently
1177 doesn't support interactive authentication yet, but this is
1178 expected to be added eventually, too.
1179
1180 * /etc/machine-info now has new fields for configuring the
1181 deployment environment of the machine, as well as the
1182 location of the machine. hostnamectl has been updated with
1183 new commands to update these fields.
1184
1185 * systemd-timesyncd has been updated to automatically acquire
1186 NTP server information from systemd-networkd, which might
1187 have been discovered via DHCP.
1188
1189 * systemd-resolved now includes a caching DNS stub resolver
1190 and a complete LLMNR name resolution implementation. A new
daa05349
AB
1191 NSS module "nss-resolve" has been added which can be used
1192 instead of glibc's own "nss-dns" to resolve hostnames via
b2ca0d63
LP
1193 systemd-resolved. Hostnames, addresses and arbitrary RRs may
1194 be resolved via systemd-resolved D-Bus APIs. In contrast to
1195 the glibc internal resolver systemd-resolved is aware of
1196 multi-homed systems, and keeps DNS servers and caches separate
5f02e26c 1197 and per-interface. Queries are sent simultaneously on all
b2ca0d63
LP
1198 interfaces that have DNS servers configured, in order to
1199 properly handle VPNs and local LANs which might resolve
1200 separate sets of domain names. systemd-resolved may acquire
a1a4a25e 1201 DNS server information from systemd-networkd automatically,
b2ca0d63
LP
1202 which in turn might have discovered them via DHCP. A tool
1203 "systemd-resolve-host" has been added that may be used to
1204 query the DNS logic in resolved. systemd-resolved implements
1205 IDNA and automatically uses IDNA or UTF-8 encoding depending
1206 on whether classic DNS or LLMNR is used as transport. In the
1207 next releases we intend to add a DNSSEC and mDNS/DNS-SD
1208 implementation to systemd-resolved.
1209
1210 * A new NSS module nss-mymachines has been added, that
1211 automatically resolves the names of all local registered
1212 containers to their respective IP addresses.
1213
1214 * A new client tool "networkctl" for systemd-networkd has been
1215 added. It currently is entirely passive and will query
1216 networking configuration from udev, rtnetlink and networkd,
5f02e26c 1217 and present it to the user in a very friendly
b2ca0d63
LP
1218 way. Eventually, we hope to extend it to become a full
1219 control utility for networkd.
1220
1221 * .socket units gained a new DeferAcceptSec= setting that
1222 controls the kernel's TCP_DEFER_ACCEPT sockopt for
1223 TCP. Similarly, support for controlling TCP keep-alive
1224 settings has been added (KeepAliveTimeSec=,
1225 KeepAliveIntervalSec=, KeepAliveProbes=). Also, support for
1226 turning off Nagle's algorithm on TCP has been added
1227 (NoDelay=).
1228
a1a4a25e 1229 * logind learned a new session type "web", for use in projects
b2ca0d63
LP
1230 like Cockpit which register web clients as PAM sessions.
1231
1232 * timer units with at least one OnCalendar= setting will now
1233 be started only after timer-sync.target has been
1234 reached. This way they will not elapse before the system
1235 clock has been corrected by a local NTP client or
1236 similar. This is particularly useful on RTC-less embedded
1237 machines that come up with an invalid system clock.
1238
1239 * systemd-nspawn's --network-veth= switch should now result in
1240 stable MAC addresses for both the outer and the inner side
1241 of the link.
1242
1243 * systemd-nspawn gained a new --volatile= switch for running
1244 container instances with /etc or /var unpopulated.
1245
1246 * The kdbus client code has been updated to use the new Linux
1247 3.17 memfd subsystem instead of the old kdbus-specific one.
1248
1249 * systemd-networkd's DHCP client and server now support
01da80b1
LP
1250 FORCERENEW. There are also new configuration options to
1251 configure the vendor client identifier and broadcast mode
1252 for DHCP.
b2ca0d63
LP
1253
1254 * systemd will no longer inform the kernel about the current
1255 timezone, as this is necessarily incorrect and racy as the
1256 kernel has no understanding of DST and similar
1257 concepts. This hence means FAT timestamps will be always
1258 considered UTC, similar to what Android is already
1259 doing. Also, when the RTC is configured to the local time
1260 (rather than UTC) systemd will never synchronize back to it,
1261 as this might confuse Windows at a later boot.
1262
1263 * systemd-analyze gained a new command "verify" for offline
1264 validation of unit files.
1265
1266 * systemd-networkd gained support for a couple of additional
1267 settings for bonding networking setups. Also, the metric for
1268 statically configured routes may now be configured. For
1269 network interfaces where this is appropriate the peer IP
1270 address may now be configured.
1271
26568403
TG
1272 * systemd-networkd's DHCP client will no longer request
1273 broadcasting by default, as this tripped up some networks.
1274 For hardware where broadcast is required the feature should
1275 be switched back on using RequestBroadcast=yes.
1276
1277 * systemd-networkd will now set up IPv4LL addresses (when
1278 enabled) even if DHCP is configured successfully.
1279
1280 * udev will now default to respect network device names given
1281 by the kernel when the kernel indicates that these are
1282 predictable. This behavior can be tweaked by changing
1283 NamePolicy= in the relevant .link file.
1284
b2ca0d63
LP
1285 * A new library systemd-terminal has been added that
1286 implements full TTY stream parsing and rendering. This
1287 library is supposed to be used later on for implementing a
1288 full userspace VT subsystem, replacing the current kernel
1289 implementation.
1290
1291 * A new tool systemd-journal-upload has been added to push
1292 journal data to a remote system running
1293 systemd-journal-remote.
1294
1295 * journald will no longer forward all local data to another
1296 running syslog daemon. This change has been made because
1297 rsyslog (which appears to be the most commonly used syslog
1298 implementation these days) no longer makes use of this, and
1299 instead pulls the data out of the journal on its own. Since
5f02e26c 1300 forwarding the messages to a non-existent syslog server is
b2ca0d63
LP
1301 more expensive than we assumed, we have now turned this
1302 off. If you run a syslog server that is not a recent rsyslog
1303 version, you have to turn this option on again
1304 (ForwardToSyslog= in journald.conf).
1305
1306 * journald now optionally supports the LZ4 compressor for
1307 larger journal fields. This compressor should perform much
1308 better than XZ which was the previous default.
1309
1310 * machinectl now shows the IP addresses of local containers,
1311 if it knows them, plus the interface name of the container.
1312
1313 * A new tool "systemd-escape" has been added that makes it
1314 easy to escape strings to build unit names and similar.
1315
1316 * sd_notify() messages may now include a new ERRNO= field
1317 which is parsed and collected by systemd and shown among the
1318 "systemctl status" output for a service.
1319
1320 * A new component "systemd-firstboot" has been added that
1321 queries the most basic systemd information (timezone,
a1a4a25e 1322 hostname, root password) interactively on first
b2ca0d63
LP
1323 boot. Alternatively it may also be used to provision these
1324 things offline on OS images installed into directories.
1325
01da80b1
LP
1326 * The default sysctl.d/ snippets will now set
1327
1328 net.ipv4.conf.default.promote_secondaries=1
1329
1330 This has the benefit of not flushing secondary IP addresses
1331 when primary addresses are removed.
1332
b2ca0d63
LP
1333 Contributions from: Ansgar Burchardt, Bastien Nocera, Colin
1334 Walters, Dan Dedrick, Daniel Buch, Daniel Korostil, Daniel
1335 Mack, Dan Williams, Dave Reisner, David Herrmann, Denis
1336 Kenzior, Eelco Dolstra, Eric Cook, Hannes Reinecke, Harald
1337 Hoyer, Hong Shick Pak, Hui Wang, Jean-André Santoni, Jóhann
1338 B. Guðmundsson, Jon Severinsson, Karel Zak, Kay Sievers, Kevin
1339 Wells, Lennart Poettering, Lukas Nykryn, Mantas Mikulėnas,
1340 Marc-Antoine Perennou, Martin Pitt, Michael Biebl, Michael
1341 Marineau, Michael Olbrich, Michal Schmidt, Michal Sekletar,
1342 Miguel Angel Ajo, Mike Gilbert, Olivier Brunel, Robert
1343 Schiele, Ronny Chevalier, Simon McVittie, Sjoerd Simons, Stef
1344 Walter, Steven Noonan, Susant Sahani, Tanu Kaskinen, Thomas
1345 Blume, Thomas Hindoe Paaboel Andersen, Timofey Titovets,
1346 Tobias Geerinckx-Rice, Tomasz Torcz, Tom Gundersen, Umut
1347 Tezduyar Lindskog, Zbigniew Jędrzejewski-Szmek
1348
1349 -- Berlin, 2014-08-19
b72ddf0f 1350
3dff3e00 1351CHANGES WITH 215:
24a2bf4c
LP
1352
1353 * A new tool systemd-sysusers has been added. This tool
1354 creates system users and groups in /etc/passwd and
1355 /etc/group, based on static declarative system user/group
1356 definitions in /usr/lib/sysusers.d/. This is useful to
1357 enable factory resets and volatile systems that boot up with
1358 an empty /etc directory, and thus need system users and
1359 groups created during early boot. systemd now also ships
1360 with two default sysusers.d/ files for the most basic
1361 users and groups systemd and the core operating system
1362 require.
1363
1364 * A new tmpfiles snippet has been added that rebuilds the
1365 essential files in /etc on boot, should they be missing.
1366
1367 * A directive for ensuring automatic clean-up of
1368 /var/cache/man/ has been removed from the default
1369 configuration. This line should now be shipped by the man
1370 implementation. The necessary change has been made to the
1371 man-db implementation. Note that you need to update your man
1372 implementation to one that ships this line, otherwise no
1373 automatic clean-up of /var/cache/man will take place.
1374
1375 * A new condition ConditionNeedsUpdate= has been added that
1376 may conditionalize services to only run when /etc or /var
1377 are "older" than the vendor operating system resources in
1378 /usr. This is useful for reconstructing or updating /etc
1379 after an offline update of /usr or a factory reset, on the
1380 next reboot. Services that want to run once after such an
1381 update or reset should use this condition and order
1382 themselves before the new systemd-update-done.service, which
1383 will mark the two directories as fully updated. A number of
1384 service files have been added making use of this, to rebuild
1385 the udev hardware database, the journald message catalog and
1386 dynamic loader cache (ldconfig). The systemd-sysusers tool
1387 described above also makes use of this now. With this in
1388 place it is now possible to start up a minimal operating
ce1dde29 1389 system with /etc empty cleanly. For more information on the
24a2bf4c
LP
1390 concepts involved see this recent blog story:
1391
1392 http://0pointer.de/blog/projects/stateless.html
1393
1394 * A new system group "input" has been introduced, and all
1395 input device nodes get this group assigned. This is useful
1396 for system-level software to get access to input devices. It
3dff3e00
KS
1397 complements what is already done for "audio" and "video".
1398
24a2bf4c
LP
1399 * systemd-networkd learnt minimal DHCPv4 server support in
1400 addition to the existing DHCPv4 client support. It also
1401 learnt DHCPv6 client and IPv6 Router Solicitation client
1402 support. The DHCPv4 client gained support for static routes
1403 passed in from the server. Note that the [DHCPv4] section
1404 known in older systemd-networkd versions has been renamed to
1405 [DHCP] and is now also used by the DHCPv6 client. Existing
c7435cc9
LP
1406 .network files using settings of this section should be
1407 updated, though compatibility is maintained. Optionally, the
1408 client hostname may now be sent to the DHCP server.
24a2bf4c 1409
c7435cc9
LP
1410 * networkd gained support for vxlan virtual networks as well
1411 as tun/tap and dummy devices.
24a2bf4c
LP
1412
1413 * networkd gained support for automatic allocation of address
1414 ranges for interfaces from a system-wide pool of
1415 addresses. This is useful for dynamically managing a large
1416 number of interfaces with a single network configuration
1417 file. In particular this is useful to easily assign
1418 appropriate IP addresses to the veth links of a large number
1419 of nspawn instances.
1420
1421 * RPM macros for processing sysusers, sysctl and binfmt
1422 drop-in snippets at package installation time have been
1423 added.
1424
1425 * The /etc/os-release file should now be placed in
1426 /usr/lib/os-release. The old location is automatically
1427 created as symlink. /usr/lib is the more appropriate
1428 location of this file, since it shall actually describe the
1429 vendor operating system shipped in /usr, and not the
1430 configuration stored in /etc.
1431
1432 * .mount units gained a new boolean SloppyOptions= setting
1433 that maps to mount(8)'s -s option which enables permissive
1434 parsing of unknown mount options.
1435
1436 * tmpfiles learnt a new "L+" directive which creates a symlink
1437 but (unlike "L") deletes a pre-existing file first, should
1438 it already exist and not already be the correct
1439 symlink. Similarly, "b+", "c+" and "p+" directives have been
1440 added as well, which create block and character devices, as
1441 well as fifos in the filesystem, possibly removing any
1442 pre-existing files of different types.
1443
1444 * For tmpfiles' "L", "L+", "C" and "C+" directives the final
1445 'argument' field (which so far specified the source to
ce1dde29 1446 symlink/copy the files from) is now optional. If omitted the
24a2bf4c
LP
1447 same file is copied from /usr/share/factory/ suffixed by the
1448 full destination path. This is useful for populating /etc
1449 with essential files, by copying them from vendor defaults
1450 shipped in /usr/share/factory/etc.
1451
1452 * A new command "systemctl preset-all" has been added that
1453 applies the service preset settings to all installed unit
1454 files. A new switch --preset-mode= has been added that
1455 controls whether only enable or only disable operations
1456 shall be executed.
1457
1458 * A new command "systemctl is-system-running" has been added
1459 that allows checking the overall state of the system, for
ce1dde29 1460 example whether it is fully up and running.
24a2bf4c
LP
1461
1462 * When the system boots up with an empty /etc, the equivalent
1463 to "systemctl preset-all" is executed during early boot, to
1464 make sure all default services are enabled after a factory
1465 reset.
1466
1467 * systemd now contains a minimal preset file that enables the
1468 most basic services systemd ships by default.
1469
1470 * Unit files' [Install] section gained a new DefaultInstance=
1471 field for defining the default instance to create if a
1472 template unit is enabled with no instance specified.
1473
1474 * A new passive target cryptsetup-pre.target has been added
1475 that may be used by services that need to make sure they run and
1476 finish before the first LUKS cryptographic device is set up.
1477
1478 * The /dev/loop-control and /dev/btrfs-control device nodes
1479 are now owned by the "disk" group by default, opening up
1480 access to this group.
1481
1482 * systemd-coredump will now automatically generate a
1483 stack trace of all core dumps taking place on the system,
1484 based on elfutils' libdw library. This stack trace is logged
1485 to the journal.
1486
1487 * systemd-coredump may now optionally store coredumps directly
1488 on disk (in /var/lib/systemd/coredump, possibly compressed),
1489 instead of storing them unconditionally in the journal. This
1490 mode is the new default. A new configuration file
1491 /etc/systemd/coredump.conf has been added to configure this
1492 and other parameters of systemd-coredump.
1493
1494 * coredumpctl gained a new "info" verb to show details about a
1495 specific coredump. A new switch "-1" has also been added
1496 that makes sure to only show information about the most
1497 recent entry instead of all entries. Also, as the tool is
1498 generally useful now the "systemd-" prefix of the binary
1499 name has been removed. Distributions that want to maintain
1500 compatibility with the old name should add a symlink from
1501 the old name to the new name.
1502
1503 * journald's SplitMode= now defaults to "uid". This makes sure
ce1dde29 1504 that unprivileged users can access their own coredumps with
24a2bf4c
LP
1505 coredumpctl without restrictions.
1506
1507 * New kernel command line options "systemd.wants=" (for
1508 pulling an additional unit during boot), "systemd.mask="
1509 (for masking a specific unit for the boot), and
1510 "systemd.debug-shell" (for enabling the debug shell on tty9)
1511 have been added. This is implemented in the new generator
1512 "systemd-debug-generator".
1513
1514 * systemd-nspawn will now by default filter a couple of
1515 syscalls for containers, among them those required for
1516 kernel module loading, direct x86 IO port access, swap
1517 management, and kexec. Most importantly though
1518 open_by_handle_at() is now prohibited for containers,
1519 closing a hole similar to a recently discussed vulnerability
1520 in docker regarding access to files on file hierarchies the
1521 container should normally not have access to. Note that for
1522 nspawn we generally make no security claims anyway (and
1523 this is explicitly documented in the man page), so this is
1524 just a fix for one of the most obvious problems.
1525
1526 * A new man page file-hierarchy(7) has been added that
1527 contains a minimized, modernized version of the file system
1528 layout systemd expects, similar in style to the FHS
c7435cc9
LP
1529 specification or hier(5). A new tool systemd-path(1) has
1530 been added to query many of these paths for the local
1531 machine and user.
24a2bf4c
LP
1532
1533 * Automatic time-based clean-up of $XDG_RUNTIME_DIR is no
1534 longer done. Since the directory now has a per-user size
1535 limit, and is cleaned on logout this appears unnecessary,
1536 in particular since this now brings the lifecycle of this
1537 directory closer in line with how IPC objects are handled.
1538
1539 * systemd.pc now exports a number of additional directories,
1540 including $libdir (which is useful to identify the library
1541 path for the primary architecture of the system), and a
1542 couple of drop-in directories.
1543
3058e017
TLSC
1544 * udev's predictable network interface names now use the dev_port
1545 sysfs attribute, introduced in Linux 3.15, instead of dev_id to
1546 distinguish between ports of the same PCI function. dev_id should
1547 only be used for ports using the same HW address, hence the need
1548 for dev_port.
1549
c7435cc9
LP
1550 * machined has been updated to export the OS version of a
1551 container (read from /etc/os-release and
1552 /usr/lib/os-release) on the bus. This is now shown in
1553 "machinectl status" for a machine.
1554
1555 * A new service setting RestartForceExitStatus= has been
1556 added. If configured to a set of exit signals or process
1557 return values, the service will be restarted when the main
1558 daemon process exits with any of them, regardless of the
1559 Restart= setting.
1560
1561 * systemctl's -H switch for connecting to remote systemd
1562 machines has been extended so that it may be used to
1563 directly connect to a specific container on the
1564 host. "systemctl -H root@foobar:waldi" will now connect as
1565 user "root" to host "foobar", and then proceed directly to
1566 the container named "waldi". Note that currently you have to
1567 authenticate as user "root" for this to work, as entering
1568 containers is a privileged operation.
1569
1570 Contributions from: Andreas Henriksson, Benjamin Steinwender,
1571 Carl Schaefer, Christian Hesse, Colin Ian King, Cristian
1572 Rodríguez, Daniel Mack, Dave Reisner, David Herrmann, Eugene
1573 Yakubovich, Filipe Brandenburger, Frederic Crozat, Hristo
1574 Venev, Jan Engelhardt, Jonathan Boulle, Kay Sievers, Lennart
1575 Poettering, Luke Shumaker, Mantas Mikulėnas, Marc-Antoine
1576 Perennou, Marcel Holtmann, Michael Marineau, Michael Olbrich,
1577 Michał Bartoszkiewicz, Michal Sekletar, Patrik Flykt, Ronan Le
1578 Martret, Ronny Chevalier, Ruediger Oertel, Steven Noonan,
1579 Susant Sahani, Thadeu Lima de Souza Cascardo, Thomas Hindoe
1580 Paaboel Andersen, Tom Gundersen, Tom Hirst, Umut Tezduyar
1581 Lindskog, Uoti Urpala, Zbigniew Jędrzejewski-Szmek
1582
1583 -- Berlin, 2014-07-03
1584
4196a3ea
KS
1585CHANGES WITH 214:
1586
1587 * As an experimental feature, udev now tries to lock the
1588 disk device node (flock(LOCK_SH|LOCK_NB)) while it
1589 executes events for the disk or any of its partitions.
1590 Applications like partitioning programs can lock the
1591 disk device node (flock(LOCK_EX)) and claim temporary
1592 device ownership that way; udev will entirely skip all event
1593 handling for this disk and its partitions. If the disk
1594 was opened for writing, the close will trigger a partition
1595 table rescan in udev's "watch" facility, and if needed
71449caf 1596 synthesize "change" events for the disk and all its partitions.
8d0e0ddd 1597 This is now unconditionally enabled, and if it turns out to
4196a3ea 1598 cause major problems, we might turn it on only for specific
45df8656 1599 devices, or might need to disable it entirely. Device Mapper
4196a3ea
KS
1600 devices are excluded from this logic.
1601
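The locking hand-off described in the entry above, as an added example that is not part of the NEWS file or the systemd source: a temporary file stands in for the disk device node, and all function names are hypothetical. Unlike this probe, udev keeps its shared lock for as long as it executes events.

```c
/* Added example, not systemd code: the flock() hand-off between a
 * partitioning tool and udev. A temp file stands in for /dev/sdX. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/file.h>
#include <unistd.h>

/* udev side (hypothetical helper): try a shared, non-blocking lock on the
 * disk node before handling events for it.
 * Returns 1 = events may be handled, 0 = node is claimed (skip), -1 = error. */
int udev_may_handle_events(const char *node)
{
    int fd = open(node, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    int r = flock(fd, LOCK_SH | LOCK_NB);
    int saved_errno = errno;
    close(fd); /* closing the descriptor drops the shared lock again */

    if (r == 0)
        return 1;
    if (saved_errno == EWOULDBLOCK)
        return 0; /* somebody holds LOCK_EX: skip all event handling */
    errno = saved_errno;
    return -1;
}

/* Partitioning-tool side (hypothetical helper): open the node for writing
 * and take an exclusive lock. Blocks until shared locks are released.
 * Returns the locked descriptor, or -1 on error. */
int claim_disk(const char *node)
{
    int fd = open(node, O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (flock(fd, LOCK_EX) < 0) {
        int saved_errno = errno;
        close(fd);
        errno = saved_errno;
        return -1;
    }
    return fd;
}

/* Closing the descriptor releases the claim. On a real disk opened for
 * writing, this close is what triggers the partition table rescan. */
int release_disk(int fd)
{
    return close(fd);
}

/* Runs the sequence on a constructed temp file and returns a three-digit
 * code: udev's answer before, during and after the claim (1 = handle,
 * 0 = skip). Returns -1 on any error. */
int demo_sequence(void)
{
    char path[] = "/tmp/flock-demo-XXXXXX";
    int tmp = mkstemp(path);
    if (tmp < 0)
        return -1;
    close(tmp);

    int before = udev_may_handle_events(path);

    int fd = claim_disk(path);
    if (fd < 0) {
        unlink(path);
        return -1;
    }
    /* flock() locks belong to the open file description, so a second open()
     * conflicts with the exclusive lock even inside the same process. */
    int during = udev_may_handle_events(path);
    release_disk(fd);

    int after = udev_may_handle_events(path);
    unlink(path);

    if (before < 0 || during < 0 || after < 0)
        return -1;
    return before * 100 + during * 10 + after;
}

int main(void)
{
    int r = demo_sequence();
    printf("udev may handle events before/during/after claim: %03d\n", r);
    return r == 101 ? 0 : 1;
}
```

Because the lock is advisory, it only coordinates processes that follow the same convention; it does not stop an uncooperative writer from touching the device.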
04e91da2
LP
1602 * We temporarily dropped the "-l" switch for fsck invocations,
1603 since they collide with the flock() logic above. util-linux
1604 upstream has been changed already to avoid this conflict,
1605 and we will re-add "-l" as soon as util-linux with this
1606 change has been released.
1607
1608 * The dependency on libattr has been removed. Since a long
8d0e0ddd 1609 time, the extended attribute calls have moved to glibc, and
04e91da2
LP
1610 libattr is thus unnecessary.
1611
1612 * Virtualization detection works without privileges now. This
1613 means the systemd-detect-virt binary no longer requires
1614 CAP_SYS_PTRACE file capabilities, and our daemons can run
71449caf 1615 with fewer privileges.
04e91da2
LP
1616
1617 * systemd-networkd now runs under its own "systemd-network"
1618 user. It retains the CAP_NET_ADMIN, CAP_NET_BIND_SERVICE,
1619 CAP_NET_BROADCAST, CAP_NET_RAW capabilities though, but
1620 loses the ability to write to files owned by root this way.
1621
1622 * Similarly, systemd-resolved now runs under its own
1623 "systemd-resolve" user with no capabilities remaining.
1624
1625 * Similarly, systemd-bus-proxyd now runs under its own
1626 "systemd-bus-proxy" user with only CAP_IPC_OWNER remaining.
1627
1628 * systemd-networkd gained support for setting up "veth"
1629 virtual ethernet devices for container connectivity, as well
1630 as GRE and VTI tunnels.
1631
1632 * systemd-networkd will no longer automatically attempt to
1633 manually load kernel modules necessary for certain tunnel
8d0e0ddd 1634 transports. Instead, it is assumed the kernel loads them
04e91da2
LP
1635 automatically when required. This only works correctly on
1636 very new kernels. On older kernels, please consider adding
c54bed5d 1637 the kernel modules to /etc/modules-load.d/ as a work-around.
04e91da2 1638
cd14eda3 1639 * The resolv.conf file systemd-resolved generates has been
8d0e0ddd
JE
1640 moved to /run/systemd/resolve/. If you have a symlink from
1641 /etc/resolv.conf, it might be necessary to correct it.
cd14eda3 1642
ef392da6 1643 * Two new service settings, ProtectHome= and ProtectSystem=,
8d0e0ddd 1644 have been added. When enabled, they will make the user data
04e91da2
LP
1645 (such as /home) inaccessible or read-only and the system
1646 (such as /usr) read-only, for specific services. This allows
1647 very light-weight per-service sandboxing to avoid
1648 modifications of user data or system files from
1649 services. These two new switches have been enabled for all
1650 of systemd's long-running services, where appropriate.
1651
1652 * Socket units gained new SocketUser= and SocketGroup=
1653 settings to set the owner user and group of AF_UNIX sockets
1654 and FIFOs in the file system.
1655
8d0e0ddd 1656 * Socket units gained a new RemoveOnStop= setting. If enabled,
04e91da2
LP
1657 all FIFOs and sockets in the file system will be removed
1658 when the specific socket unit is stopped.
1659
1660 * Socket units gained a new Symlinks= setting. It takes a list
1661 of symlinks to create to file system sockets or FIFOs
45df8656 1662 created by the specific Unix sockets. This is useful to
71449caf 1663 manage symlinks to socket nodes with the same life-cycle as
04e91da2
LP
1664 the socket itself.
1665
1666 * The /dev/log socket and /dev/initctl FIFO have been moved to
1667 /run, and have been replaced by symlinks. This allows
1668 connecting to these facilities even if PrivateDevices=yes is
1669 used for a service (which makes /dev/log itself unavailable,
1670 but /run is left). This also has the benefit of ensuring
1671 that /dev only contains device nodes, directories and
1672 symlinks, and nothing else.
1673
1674 * sd-daemon gained two new calls sd_pid_notify() and
1675 sd_pid_notifyf(). They are similar to sd_notify() and
1676 sd_notifyf(), but allow overriding of the source PID of
1677 notification messages if permissions permit this. This is
1678 useful to send notify messages on behalf of a different
1679 process (for example, the parent process). The
1680 systemd-notify tool has been updated to make use of this
1681 when sending messages (so that notification messages now
1682 originate from the shell script invoking systemd-notify and
1683 not the systemd-notify process itself). This should minimize
1684 a race where systemd fails to associate notification
1685 messages to services when the originating process already
1686 vanished.
1687
1688 * A new "on-abnormal" setting for Restart= has been added. If
8d0e0ddd 1689 set, it will result in automatic restarts on all "abnormal"
04e91da2
LP
1690 reasons for a process to exit, which includes unclean
1691 signals, core dumps, timeouts and watchdog timeouts, but
1692 does not include clean and unclean exit codes or clean
1693 signals. Restart=on-abnormal is an alternative for
1694 Restart=on-failure for services that shall be able to
1695 terminate and avoid restarts on certain errors, by
1696 indicating so with an unclean exit code. Restart=on-failure
1697 or Restart=on-abnormal is now the recommended setting for
1698 all long-running services.
1699
1700 * If the InaccessibleDirectories= service setting points to a
1701 mount point (or if there are any submounts contained within
1702 it), it is now attempted to completely unmount it, to make
1703 the file systems truly unavailable for the respective
1704 service.
1705
1706 * The ReadOnlyDirectories= service setting and
1707 systemd-nspawn's --read-only parameter are now recursively
1708 applied to all submounts, too.
1709
1710 * Mount units may now be created transiently via the bus APIs.
1711
1712 * The support for SysV and LSB init scripts has been removed
1713 from the systemd daemon itself. Instead, it is now
1714 implemented as a generator that creates native systemd units
1715 from these scripts when needed. This enables us to remove a
1716 substantial amount of legacy code from PID 1, following the
1717 fact that many distributions only ship a very small number
1718 of LSB/SysV init scripts nowadays.
1719
cc98b302 1720 * Privileged Xen (dom0) domains are not considered
04e91da2
LP
1721 virtualization anymore by the virtualization detection
1722 logic. After all, they generally have unrestricted access to
71449caf 1723 the hardware and usually are used to manage the unprivileged
04e91da2
LP
1724 (domU) domains.
1725
1726 * systemd-tmpfiles gained a new "C" line type, for copying
1727 files or entire directories.
1728
1729 * systemd-tmpfiles "m" lines are now fully equivalent to "z"
8d0e0ddd
JE
1730 lines. So far, they have been non-globbing versions of the
1731 latter, and have thus been redundant. In future, it is
1732 recommended to only use "z". "m" has hence been removed
04e91da2
LP
1733 from the documentation, even though it stays supported.
1734
1735 * A tmpfiles snippet to recreate the most basic structure in
1736 /var has been added. This is enough to create the /var/run →
1737 /run symlink and create a couple of structural
1738 directories. This allows systems to boot up with an empty or
8d0e0ddd
JE
1739 volatile /var. Of course, while with this change, the core OS
1740 now is capable of dealing with a volatile /var, not all
04e91da2 1741 user services are ready for it. However, we hope that sooner
8d0e0ddd 1742 or later, many service daemons will be changed upstream so
04e91da2
LP
1743 that they are able to automatically create their necessary
1744 directories in /var at boot, should they be missing. This is
1745 the first step to allow state-less systems that only require
1746 the vendor image for /usr to boot.
1747
1748 * systemd-nspawn has gained a new --tmpfs= switch to mount an
1749 empty tmpfs instance to a specific directory. This is
1750 particularly useful for making use of the automatic
1751 reconstruction of /var (see above), by passing --tmpfs=/var.
1752
1753 * Access modes specified in tmpfiles snippets may now be
1754 prefixed with "~", which indicates that they shall be masked
daa05349 1755 by whether the existing file or directory is currently
8d0e0ddd 1756 writable, readable or executable at all. Also, if specified,
04e91da2
LP
1757 the sgid/suid/sticky bits will be masked for all
1758 non-directories.
1759
1760 * A new passive target unit "network-pre.target" has been
1761 added which is useful for services that shall run before any
1762 network is configured, for example firewall scripts.
1763
4c0d13bd
LP
1764 * The "floppy" group that previously owned the /dev/fd*
1765 devices is no longer used. The "disk" group is now used
1766 instead. Distributions should probably deprecate usage of
1767 this group.
1768
dc1d6c02
LP
1769 Contributions from: Camilo Aguilar, Christian Hesse, Colin Ian
1770 King, Cristian Rodríguez, Daniel Buch, Dave Reisner, David
1771 Strauss, Denis Tikhomirov, John, Jonathan Liu, Kay Sievers,
1772 Lennart Poettering, Mantas Mikulėnas, Mark Eichin, Ronny
1773 Chevalier, Susant Sahani, Thomas Blume, Thomas Hindoe Paaboel
1774 Andersen, Tom Gundersen, Umut Tezduyar Lindskog, Zbigniew
1775 Jędrzejewski-Szmek
1776
1777 -- Berlin, 2014-06-11
1778
6936cd89
LP
1779CHANGES WITH 213:
1780
1781 * A new "systemd-timesyncd" daemon has been added for
69beda1f 1782 synchronizing the system clock across the network. It
6936cd89 1783 implements an SNTP client. In contrast to NTP
8d0e0ddd 1784 implementations such as chrony or the NTP reference server,
6936cd89 1785 this only implements a client side, and does not bother with
c9679c65
LP
1786 the full NTP complexity, focusing only on querying time from
1787 one remote server and synchronizing the local clock to
6936cd89 1788 it. Unless you intend to serve NTP to networked clients or
8d0e0ddd 1789 want to connect to local hardware clocks, this simple NTP
6936cd89
LP
1790 client should be more than appropriate for most
1791 installations. The daemon runs with minimal privileges, and
1792 has been hooked up with networkd to only operate when
1793 network connectivity is available. The daemon saves the
1794 current clock to disk every time a new NTP sync has been
1795 acquired, and uses this to possibly correct the system clock
69beda1f 1796 early at bootup, in order to accommodate for systems that
6936cd89 1797 lack an RTC such as the Raspberry Pi and embedded devices,
8d0e0ddd 1798 and to make sure that time monotonically progresses on these
c9679c65 1799 systems, even if it is not always correct. To make use of
8d0e0ddd 1800 this daemon, a new system user and group "systemd-timesync"
c9679c65 1801 needs to be created on installation of systemd.
6936cd89 1802
69beda1f
KS
1803 * The queue "seqnum" interface of libudev has been disabled, as
1804 it was generally incompatible with device namespacing as
6936cd89
LP
1805 sequence numbers of devices go "missing" if the devices are
1806 part of a different namespace.
1807
1808 * "systemctl list-timers" and "systemctl list-sockets" gained
1809 a --recursive switch for showing units of these types also
499b604b
ZJS
1810 for all local containers, similar in style to the already
1811 supported --recursive switch for "systemctl list-units".
6936cd89
LP
1812
1813 * A new RebootArgument= setting has been added for service
1814 units, which may be used to specify a kernel reboot argument
499b604b 1815 to use when triggering reboots with StartLimitAction=.
6936cd89
LP
1816
1817 * A new FailureAction= setting has been added for service
1818 units which may be used to specify an operation to trigger
499b604b 1819 when a service fails. This works similarly to
8d0e0ddd 1820 StartLimitAction=, but unlike it, controls what is done
6936cd89
LP
1821 immediately rather than only after several attempts to
1822 restart the service in question.
1823
1824 * hostnamed got updated to also expose the kernel name,
499b604b
ZJS
1825 release, and version on the bus. This is useful for
1826 executing commands like hostnamectl with the -H switch.
1827 systemd-analyze makes use of this to properly display
1828 details when running non-locally.
6936cd89
LP
1829
1830 * The bootchart tool can now show cgroup information in the
1831 graphs it generates.
1832
1833 * The CFS CPU quota cgroup attribute is now exposed for
1834 services. The new CPUQuota= switch has been added for this
1835 which takes a percentage value. Setting this will have the
1836 result that a service may never get more CPU time than the
1837 specified percentage, even if the machine is otherwise idle.
1838
1839 * systemd-networkd learned IPIP and SIT tunnel support.
1840
1841 * LSB init scripts exposing a dependency on $network will now
1842 get a dependency on network-online.target rather than simply
1843 network.target. This should bring LSB handling closer to
1844 what it was on SysV systems.
1845
1846 * A new fsck.repair= kernel option has been added to control
1847 how fsck shall deal with unclean file systems at boot.
1848
1849 * The (.ini) configuration file parser will now silently
1850 ignore sections whose name begins with "X-". This may be
1851 used to maintain application-specific extension sections in unit
1852 files.
1853
1854 * machined gained a new API to query the IP addresses of
1855 registered containers. "machinectl status" has been updated
1856 to show these addresses in its output.
1857
1858 * A new call sd_uid_get_display() has been added to the
1859 sd-login APIs for querying the "primary" session of a
1860 user. The "primary" session of the user is elected from the
1861 user's sessions and generally a graphical session is
1862 preferred over a text one.
1863
1864 * A minimal systemd-resolved daemon has been added. It
1865 currently simply acts as a companion to systemd-networkd and
1866 manages resolv.conf based on per-interface DNS
1867 configuration, possibly supplied via DHCP. In the long run
1868 we hope to extend this into a local DNSSEC enabled DNS and
1869 mDNS cache.
1870
68dd0956
TG
1871 * The systemd-networkd-wait-online tool is now enabled by
1872 default. It will delay network-online.target until a network
1873 connection has been configured. The tool primarily integrates
1874 with networkd, but will also make a best effort to make sense
1875 of network configuration performed in some other way.
1876
6936cd89 1877 * Two new service options StartupCPUShares= and
499b604b 1878 StartupBlockIOWeight= have been added that work similarly to
6936cd89 1879 CPUShares= and BlockIOWeight=, but only apply during
69beda1f 1880 system startup. This is useful to prioritize certain services
6936cd89
LP
1881 differently during bootup than during normal runtime.
1882
8e7acf67
LP
1883 * hostnamed has been changed to prefer the statically
1884 configured hostname in /etc/hostname (unless set to
1885 'localhost' or empty) over any dynamic one supplied by
8d0e0ddd 1886 dhcp. With this change, the rules for picking the hostname
8e7acf67
LP
1887 match more closely the rules of other configuration settings
1888 where the local administrator's configuration in /etc always
1889 overrides any other settings.
1890
1891 Contributions from: Ali H. Caliskan, Alison Chaiken, Bas van
6936cd89
LP
1892 den Berg, Brandon Philips, Cristian Rodríguez, Daniel Buch,
1893 Dan Kilman, Dave Reisner, David Härdeman, David Herrmann,
1894 David Strauss, Dimitris Spingos, Djalal Harouni, Eelco
1895 Dolstra, Evan Nemerson, Florian Albrechtskirchinger, Greg
1896 Kroah-Hartman, Harald Hoyer, Holger Hans Peter Freyther, Jan
1897 Engelhardt, Jani Nikula, Jason St. John, Jeffrey Clark,
1898 Jonathan Boulle, Kay Sievers, Lennart Poettering, Lukas
1899 Nykryn, Lukasz Skalski, Łukasz Stelmach, Mantas Mikulėnas,
8e7acf67
LP
1900 Marcel Holtmann, Martin Pitt, Matthew Monaco, Michael
1901 Marineau, Michael Olbrich, Michal Sekletar, Mike Gilbert, Nis
1902 Martensen, Patrik Flykt, Philip Lorenz, poma, Ray Strode,
1903 Reyad Attiyat, Robert Milasan, Scott Thrasher, Stef Walter,
1904 Steven Siloti, Susant Sahani, Tanu Kaskinen, Thomas Bächler,
1905 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar
1906 Lindskog, WaLyong Cho, Will Woods, Zbigniew
6936cd89
LP
1907 Jędrzejewski-Szmek
1908
8e7acf67 1909 -- Beijing, 2014-05-28
6936cd89 1910
51c61cda
LP
1911CHANGES WITH 212:
1912
1913 * When restoring the screen brightness at boot, stay away from
1914 the darkest setting or from the lowest 5% of the available
1915 range, depending on which is the larger value of both. This
1916 should effectively protect the user from rebooting into a
1917 black screen, should the brightness have been set to minimum
1918 by accident.
1919
1920 * sd-login gained a new sd_machine_get_class() call to
1921 determine the class ("vm" or "container") of a machine
1922 registered with machined.
1923
1924 * sd-login gained new calls
1925 sd_peer_get_{session,owner_uid,unit,user_unit,slice,machine_name}(),
1926 to query the identity of the peer of a local AF_UNIX
499b604b 1927 connection. They operate similarly to their sd_pid_get_xyz()
51c61cda
LP
1928 counterparts.
1929
1930 * PID 1 will now maintain a system-wide system state engine
1931 with the states "starting", "running", "degraded",
1932 "maintenance", "stopping". These states are bound to system
1933 startup, normal runtime, runtime with at least one failed
1934 service, rescue/emergency mode and system shutdown. This
1935 state is shown in the "systemctl status" output when no unit
1936 name is passed. It is useful to determine system state, in
1937 particular when doing so for many systems or containers at
1938 once.
1939
1940 * A new command "list-machines" has been added to "systemctl"
1941 that lists all local OS containers and shows their system
1942 state (see above), if systemd runs inside of them.
1943
1944 * systemctl gained a new "-r" switch to recursively enumerate
1945 units on all local containers, when used with the
1946 "list-unit" command (which is the default one that is
1947 executed when no parameters are specified).
1948
1949 * The GPT automatic partition discovery logic will now honour
1950 two GPT partition flags: one may be set on a partition to
1951 cause it to be mounted read-only, and the other may be set
1952 on a partition to ignore it during automatic discovery.
1953
1954 * Two new GPT type UUIDs have been added for automatic root
70a44afe 1955 partition discovery, for 32-bit and 64-bit ARM. This is not
51c61cda
LP
1956 particularly useful for discovering the root directory on
1957 these architectures during bare-metal boots (since UEFI is
1958 not common there), but still very useful to allow booting of
1959 ARM disk images in nspawn with the -i option.
1960
1961 * MAC addresses of interfaces created with nspawn's
1962 --network-interface= switch will now be generated from the
1963 machine name, and thus be stable between multiple invocations
1964 of the container.
1965
1966 * logind will now automatically remove all IPC objects owned
1967 by a user if she or he fully logs out. This makes sure that
1968 users who are logged out cannot continue to consume IPC
1969 resources. This covers SysV memory, semaphores and message
1970 queues as well as POSIX shared memory and message
b8bde116
JE
1971 queues. Traditionally, SysV and POSIX IPC had no life-cycle
1972 limits. With this functionality, that is corrected. This may
1973 be turned off by using the RemoveIPC= switch of logind.conf.
51c61cda
LP
1974
1975 * The systemd-machine-id-setup and tmpfiles tools gained a
1976 --root= switch to operate on a specific root directory,
1977 instead of /.
1978
1979 * journald can now forward logged messages to the TTYs of all
1980 logged in users ("wall"). This is the default for all
1981 emergency messages now.
1982
1983 * A new tool systemd-journal-remote has been added to stream
1984 journal log messages across the network.
1985
1986 * /sys/fs/cgroup/ is now mounted read-only after all cgroup
1987 controller trees are mounted into it. Note that the
1988 directories mounted beneath it are not read-only. This is a
1989 security measure and is particularly useful because glibc
1990 actually includes a search logic to pick any tmpfs it can
1991 find to implement shm_open() if /dev/shm is not available
1992 (which it might very well be in namespaced setups).
1993
1994 * machinectl gained a new "poweroff" command to cleanly power
1995 down a local OS container.
1996
1997 * The PrivateDevices= unit file setting will now also drop the
1998 CAP_MKNOD capability from the capability bound set, and
1999 imply DevicePolicy=closed.
2000
2001 * PrivateDevices=, PrivateNetwork= and PrivateTmp= are now used
2002 comprehensively on all long-running systemd services where
2003 this is appropriate.
2004
2005 * systemd-udevd will now run in a disassociated mount
b8bde116 2006 namespace. To mount directories from udev rules, make sure to
51c61cda
LP
2007 pull in mount units via SYSTEMD_WANTS properties.
2008
2009 * The kdbus support gained support for uploading policy into
2010 the kernel. sd-bus gained support for creating "monitoring"
2011 connections that can eavesdrop into all bus communication
2012 for debugging purposes.
2013
2014 * Timestamps may now be specified in seconds since the UNIX
2015 epoch Jan 1st, 1970 by specifying "@" followed by the value
2016 in seconds.
2017
2018 * Native tcpwrap support in systemd has been removed. tcpwrap
2019 is old code, not really maintained anymore and has serious
2020 shortcomings, and better options such as firewalls
2021 exist. For setups that require tcpwrap usage, please
2022 consider invoking your socket-activated service via tcpd,
2023 like on traditional inetd.
2024
2025 * A new system.conf configuration option
2026 DefaultTimerAccuracySec= has been added that controls the
2027 default AccuracySec= setting of .timer units.
2028
b8bde116 2029 * Timer units gained a new WakeSystem= switch. If enabled,
51c61cda
LP
2030 timers configured this way will cause the system to resume
2031 from system suspend (if the system supports that, which most
2032 do these days).
2033
b8bde116 2034 * Timer units gained a new Persistent= switch. If enabled,
51c61cda
LP
2035 timers configured this way will save to disk when they have
2036 been last triggered. This information is then used on next
2037 reboot to possibly execute overdue timer events, that
d28315e4
JE
2038 could not take place because the system was powered off.
2039 This enables simple anacron-like behaviour for timer units.
51c61cda
LP
2040
2041 * systemctl's "list-timers" will now also list the time a
2042 timer unit was last triggered in addition to the next time
2043 it will be triggered.
2044
2045 * systemd-networkd will now assign predictable IPv4LL
2046 addresses to its local interfaces.
2047
2048 Contributions from: Brandon Philips, Daniel Buch, Daniel Mack,
2049 Dave Reisner, David Herrmann, Gerd Hoffmann, Greg
2050 Kroah-Hartman, Hendrik Brueckner, Jason St. John, Josh
2051 Triplett, Kay Sievers, Lennart Poettering, Marc-Antoine
2052 Perennou, Michael Marineau, Michael Olbrich, Miklos Vajna,
2053 Patrik Flykt, poma, Sebastian Thorarensen, Thomas Bächler,
2054 Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom Gundersen,
2055 Umut Tezduyar Lindskog, Wieland Hoffmann, Zbigniew
2056 Jędrzejewski-Szmek
2057
2058 -- Berlin, 2014-03-25
2059
699b6b34
LP
2060CHANGES WITH 211:
2061
2062 * A new unit file setting RestrictAddressFamilies= has been
2063 added to restrict which socket address families unit
2064 processes gain access to. This takes address family names
2065 like "AF_INET" or "AF_UNIX", and is useful to minimize the
2066 attack surface of services via exotic protocol stacks. This
2067 is built on seccomp system call filters.
2068
2069 * Two new unit file settings RuntimeDirectory= and
2070 RuntimeDirectoryMode= have been added that may be used to
2071 manage per-daemon runtime directories below /run. This is
2072 an alternative for setting up directory permissions with
2073 tmpfiles snippets, and has the advantage that the runtime
2074 directory's lifetime is bound to the daemon runtime and that
2075 the daemon starts up with an empty directory each time. This
2076 is particularly useful when writing services that drop
f1721625 2077 privileges using the User= or Group= setting.
699b6b34
LP
2078
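The sandboxing settings described in these entries (PrivateDevices=, PrivateTmp=, PrivateNetwork=, RestrictAddressFamilies=, and RuntimeDirectory= together with User=) can be checked mechanically across a set of unit files. The Python audit below is an added example, not part of systemd or of this NEWS file; the unit texts, the "exampled" daemon name, the COMMON_FAMILIES list and the PrivateNetwork=/RuntimeDirectory= hints are assumptions of the example.

```python
"""Audit the [Service] section of a unit file for the sandboxing settings
named in the release notes. Added example; sample units are constructed."""

TRUE_VALUES = {"1", "yes", "true", "on"}  # spellings systemd parses as boolean true

# Families a typical network daemon needs; anything else is flagged for review.
# Assumption of this example, not a systemd default.
COMMON_FAMILIES = {"AF_UNIX", "AF_INET", "AF_INET6"}


def parse_service_section(text):
    """Return {key: [values]} for the [Service] section.

    Handles # and ; comment lines, trailing-backslash continuation, and the
    rule that an empty assignment ("Key=") resets earlier values.
    """
    settings, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#;"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        line, pending = (pending + line).strip(), ""
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "Service" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if value == "":
            settings[key] = []  # empty assignment resets the setting
        else:
            settings.setdefault(key, []).append(value)
    return settings


def last_bool(settings, key):
    """Boolean settings take the last assignment; unset counts as false."""
    values = settings.get(key, [])
    return bool(values) and values[-1].lower() in TRUE_VALUES


def audit_unit(text):
    """Return a list of (setting, finding) tuples; empty means no findings."""
    s = parse_service_section(text)
    findings = []
    for key in ("PrivateDevices", "PrivateTmp"):
        if not last_bool(s, key):
            findings.append((key, "not enabled"))

    families = [f for v in s.get("RestrictAddressFamilies", []) for f in v.split()]
    if not families:
        findings.append(("RestrictAddressFamilies", "not set, all address families reachable"))
    else:
        exotic = sorted(set(families) - COMMON_FAMILIES)
        if exotic:
            findings.append(("RestrictAddressFamilies", "review " + " ".join(exotic)))
        # Hint (heuristic of this example): no IP family is allowed, so
        # PrivateNetwork= is worth considering for this service.
        if not {"AF_INET", "AF_INET6"} & set(families) and not last_bool(s, "PrivateNetwork"):
            findings.append(("PrivateNetwork", "not enabled although no IP family is allowed"))

    # Hint: a service that drops privileges usually cannot create its own
    # directory below /run, which is what RuntimeDirectory= takes care of.
    user = s.get("User", [])
    if user and user[-1] not in ("root", "0") and not s.get("RuntimeDirectory"):
        findings.append(("RuntimeDirectory", "User= set but no managed directory below /run"))
    return findings


# Constructed sample units: the same hypothetical daemon before and after hardening.
WEAK_UNIT = """\
[Unit]
Description=Constructed example daemon

[Service]
ExecStart=/usr/bin/exampled
User=exampled
"""

HARDENED_UNIT = """\
[Unit]
Description=Constructed example daemon

[Service]
ExecStart=/usr/bin/exampled
User=exampled
RuntimeDirectory=exampled
RuntimeDirectoryMode=0750
PrivateDevices=yes
PrivateTmp=true
RestrictAddressFamilies=AF_UNIX \\
    AF_INET AF_INET6
"""

if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit_unit(unit) or "no findings")
```

The parser reads a single file only; drop-in snippets would have to be concatenated in systemd's order (as "systemctl cat" prints them) before being passed to audit_unit().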
2079 * The DeviceAllow= unit setting now supports globbing for
2080 matching against device group names.
2081
2082 * The systemd configuration file system.conf gained new
2083 settings DefaultCPUAccounting=, DefaultBlockIOAccounting=,
2084 DefaultMemoryAccounting= to globally turn on/off accounting
2085 for specific resources (cgroups) for all units. These
22e7062d 2086 settings may still be overridden individually in each unit
699b6b34
LP
2087 though.
2088
2089 * systemd-gpt-auto-generator is now able to discover /srv and
2090 root partitions in addition to /home and swap partitions. It
2091 also supports LUKS-encrypted partitions now. With this in
b8bde116 2092 place, automatic discovery of partitions to mount following
699b6b34
LP
2093 the Discoverable Partitions Specification
2094 (http://www.freedesktop.org/wiki/Specifications/DiscoverablePartitionsSpec)
2095 is now a lot more complete. This allows booting without
2096 /etc/fstab and without root= on the kernel command line on
b8bde116 2097 systems prepared appropriately.
699b6b34
LP
2098
2099 * systemd-nspawn gained a new --image= switch which allows
2100 booting up disk images and Linux installations on any block
2101 device that follow the Discoverable Partitions Specification
2102 (see above). This means that installations made with
2103 appropriately updated installers may now be started and
2104 deployed using container managers, completely
2105 unmodified. (We hope that libvirt-lxc will add support for
2106 this feature soon, too.)
2107
2108 * systemd-nspawn gained a new --network-macvlan= setting to
2109 set up a private macvlan interface for the
499b604b 2110 container. Similarly, systemd-networkd gained a new
699b6b34
LP
2111 Kind=macvlan setting in .netdev files.
2112
2113 * systemd-networkd now supports configuring local addresses
2114 using IPv4LL.
2115
2116 * A new tool systemd-network-wait-online has been added to
2117 synchronously wait for network connectivity using
2118 systemd-networkd.
2119
2120 * The sd-bus.h bus API gained a new sd_bus_track object for
2121 tracking the life-cycle of bus peers. Note that sd-bus.h is
2122 still not a public API though (unless you specify
2123 --enable-kdbus on the configure command line, which however
2124 voids your warranty and you get no API stability guarantee).
2125
2126 * The $XDG_RUNTIME_DIR runtime directories for each user are
2127 now individual tmpfs instances, which has the benefit of
2128 introducing separate pools for each user, with individual
4ef6e535 2129 size limits, and thus making sure that unprivileged clients
699b6b34
LP
2130 can no longer negatively impact the system or other users by
2131 filling up their $XDG_RUNTIME_DIR. A new logind.conf setting
2132 RuntimeDirectorySize= has been introduced that allows
2133 controlling the default size limit for all users. It
2134 defaults to 10% of the available physical memory. This is no
2135 replacement for quotas on tmpfs though (which the kernel
2136 still does not support), as /dev/shm and /tmp are still
4ef6e535 2137 shared resources used by both the system and unprivileged
699b6b34
LP
2138 users.
2139
2140 * logind will now automatically turn off automatic suspending
2141 on laptop lid close when more than one display is
2142 connected. This was previously expected to be implemented
2143 individually in desktop environments (such as GNOME),
2144 however has been added to logind now, in order to fix a
2145 boot-time race where a desktop environment might not have
2146 been started yet and thus not been able to take an inhibitor
2147 lock at the time where logind already suspends the system
2148 due to a closed lid.
2149
2150 * logind will now wait at least 30s after each system
2151 suspend/resume cycle, and 3min after system boot before
2152 suspending the system due to a closed laptop lid. This
2153 should give USB docking stations and similar enough time to
4ef6e535 2154 be probed and configured after system resume and boot in
699b6b34
LP
2155 order to then act as suspend blocker.
2156
2157 * systemd-run gained a new --property= setting which allows
2158 initialization of resource control properties (and others)
2159 for the created scope or service unit. Example: "systemd-run
2160 --property=BlockIOWeight=10 updatedb" may be used to run
2161 updatedb at a low block IO scheduling weight.
2162
2163 * systemd-run's --uid=, --gid=, --setenv=, --setenv= switches
2164 now also work in --scope mode.
2165
2166 * When systemd is compiled with kdbus support, basic support
2167 for enforced policies is now in place. (Note that enabling
2168 kdbus still voids your warranty and no API compatibility
2169 promises are made.)
2170
2171 Contributions from: Andrey Borzenkov, Ansgar Burchardt, Armin
2172 K., Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
2173 Harald Hoyer, Henrik Grindal Bakken, Jasper St. Pierre, Kay
2174 Sievers, Kieran Clancy, Lennart Poettering, Lukas Nykryn,
2175 Mantas Mikulėnas, Marcel Holtmann, Mark Oteiza, Martin Pitt,
2176 Mike Gilbert, Peter Rajnoha, poma, Samuli Suominen, Stef
2177 Walter, Susant Sahani, Tero Roponen, Thomas Andersen, Thomas
2178 Bächler, Thomas Hindoe Paaboel Andersen, Tomasz Torcz, Tom
2179 Gundersen, Umut Tezduyar Lindskog, Uoti Urpala, Zachary Cook,
2180 Zbigniew Jędrzejewski-Szmek
2181
13b28d82 2182 -- Berlin, 2014-03-12
699b6b34 2183
43c71255
LP
2184CHANGES WITH 210:
2185
2186 * systemd will now relabel /dev after loading the SMACK policy
2187 according to SMACK rules.
2188
67dd87c5 2189 * A new unit file option AppArmorProfile= has been added to
43c71255
LP
2190 set the AppArmor profile for the processes of a unit.
2191
2192 * A new condition check ConditionArchitecture= has been added
2193 to conditionalize units based on the system architecture, as
2194 reported by uname()'s "machine" field.
2195
2196 * systemd-networkd now supports matching on the system
2197 virtualization, architecture, kernel command line, host name
2198 and machine ID.
2199
ed28905e 2200 * logind is now a lot more aggressive when suspending the
43c71255 2201 machine due to a closed laptop lid. Instead of acting only
b8bde116 2202 on the lid close action, it will continuously watch the lid
43c71255
LP
2203 status and act on it. This is useful for laptops where the
2204 power button is on the outside of the chassis so that it can
ed28905e 2205 be reached without opening the lid (such as the Lenovo
b8bde116 2206 Yoga). On those machines, logind will now immediately
ed28905e 2207 re-suspend the machine if the power button has been
43c71255
LP
2208 accidentally pressed while the laptop was suspended and in a
2209 backpack or similar.
2210
2211 * logind will now watch SW_DOCK switches and inhibit reaction
2212 to the lid switch if it is pressed. This means that logind
d27893ef 2213 will not suspend the machine anymore if the lid is closed
949138cc 2214 and the system is docked, if the laptop supports SW_DOCK
43c71255
LP
2215 notifications via the input layer. Note that ACPI docking
2216 stations do not generate this currently. Also note that this
2217 logic is usually not fully sufficient and Desktop
2218 Environments should take a lid switch inhibitor lock when an
2219 external display is connected, as systemd will not watch
2220 this on its own.
2221
2222 * nspawn will now make use of the devices cgroup controller by
2223 default, and only permit creation of and access to the usual
2224 API device nodes like /dev/null or /dev/random, as well as
2225 access to (but not creation of) the pty devices.
2226
2227 * We will now ship a default .network file for
2228 systemd-networkd that automatically configures DHCP for
2229 network interfaces created by nspawn's --network-veth or
2230 --network-bridge= switches.
2231
2232 * systemd will now understand the usual M, K, G, T suffixes
2233 according to SI conventions (i.e. to the base 1000) when
2234 referring to throughput and hardware metrics. It will stay
2235 with IEC conventions (i.e. to the base 1024) for software
2236 metrics, according to what is customary according to
2237 Wikipedia. We explicitly document which base applies for
2238 each configuration option.
2239
2240 * The DeviceAllow= setting in unit files now supports a syntax
ed28905e 2241 to whitelist an entire group of device node majors at once,
43c71255 2242 based on the /proc/devices listing. For example, with the
b8bde116 2243 string "char-pts", it is now possible to whitelist all
43c71255
LP
2244 current and future pseudo-TTYs at once.
2245
2246 * sd-event learned a new "post" event source. Event sources of
2247 this type are triggered by the dispatching of any event
2248 source of a type that is not "post". This is useful for
2249 implementing clean-up and check event sources that are
2250 triggered by other work being done in the program.
2251
2252 * systemd-networkd is no longer statically enabled, but uses
2253 the usual [Install] sections so that it can be
2254 enabled/disabled using systemctl. It still is enabled by
2255 default however.
2256
b8bde116 2257 * When creating a veth interface pair with systemd-nspawn, the
43c71255
LP
2258 host side will now be prefixed with "vb-" if
2259 --network-bridge= is used, and with "ve-" if --network-veth
b8bde116 2260 is used. This way, it is easy to distinguish these cases on
43c71255
LP
2261 the host, for example to apply different configuration to
2262 them with systemd-networkd.
2263
d27893ef
LP
2264 * The compatibility libraries for libsystemd-journal.so,
2265 libsystem-id128.so, libsystemd-login.so and
2266 libsystemd-daemon.so do not make use of IFUNC
b8bde116 2267 anymore. Instead, we now build libsystemd.so multiple times
d27893ef
LP
2268 under these alternative names. This means that the footprint
2269 is drastically increased, but given that these are
b8bde116 2270 transitional compatibility libraries, this should not matter
d27893ef
LP
2271 much. This change has been made necessary to support the ARM
2272 platform for these compatibility libraries, as the ARM
d28315e4 2273 toolchain is not really at the same level as the toolchain
ed28905e 2274 for other architectures like x86 and does not support
d27893ef
LP
2275 IFUNC. Please make sure to use --enable-compat-libs only
2276 during a transitional period!
2277
13b28d82 2278 Contributions from: Andreas Fuchs, Armin K., Colin Walters,
43c71255
LP
2279 Daniel Mack, Dave Reisner, David Herrmann, Djalal Harouni,
2280 Holger Schurig, Jason A. Donenfeld, Jason St. John, Jasper
2281 St. Pierre, Kay Sievers, Lennart Poettering, Łukasz Stelmach,
2282 Marcel Holtmann, Michael Scherer, Michal Sekletar, Mike
2283 Gilbert, Samuli Suominen, Thomas Bächler, Thomas Hindoe
2284 Paaboel Andersen, Tom Gundersen, Umut Tezduyar Lindskog,
2285 Zbigniew Jędrzejewski-Szmek
2286
2287 -- Berlin, 2014-02-24
2288
e49b5aad
LP
2289CHANGES WITH 209:
2290
2291 * A new component "systemd-networkd" has been added that can
2292 be used to configure local network interfaces statically or
8b7d0494
JSJ
2293 via DHCP. It is capable of bringing up bridges, VLANs, and
2294 bonding. Currently, no hook-ups for interactive network
4670e9d5 2295 configuration are provided. Use this for your initrd,
8b7d0494
JSJ
2296 container, embedded, or server setup if you need a simple,
2297 yet powerful, network configuration solution. This
4670e9d5 2298 configuration subsystem is quite nifty, as it allows wildcard
1e190502 2299 hotplug matching in interfaces. For example, with a single
4670e9d5 2300 configuration snippet, you can configure that all Ethernet
1e190502
ZJS
2301 interfaces showing up are automatically added to a bridge,
2302 or similar. It supports link-sensing and more.
e49b5aad
LP
2303
2304 * A new tool "systemd-socket-proxyd" has been added which can
4c2413bf 2305 act as a bidirectional proxy for TCP sockets. This is
e49b5aad
LP
2306 useful for adding socket activation support to services that
2307 do not actually support socket activation, including virtual
4c2413bf 2308 machines and the like.
e49b5aad
LP
2309
2310 * Add a new tool to save/restore rfkill state on
2311 shutdown/boot.
2312
8b7d0494
JSJ
2313 * Save/restore state of keyboard backlights in addition to
2314 display backlights on shutdown/boot.
e49b5aad
LP
2315
2316 * udev learned a new SECLABEL{} construct to label device
2317 nodes with a specific security label when they appear. For
4c2413bf 2318 now, only SECLABEL{selinux} is supported, but the syntax is
e49b5aad
LP
2319 prepared for additional security frameworks.
2320
2321 * udev gained a new scheme to configure link-level attributes
2322 from files in /etc/systemd/network/*.link. These files can
8b7d0494 2323 match against MAC address, device path, driver name and type,
4c2413bf 2324 and will apply attributes like the naming policy, link speed,
8b7d0494 2325 MTU, duplex settings, Wake-on-LAN settings, MAC address, MAC
e49b5aad
LP
2326 address assignment policy (randomized, ...).
2327
dfb08b05
ZJS
2328 * The configuration of network interface naming rules for
2329 "permanent interface names" has changed: a new NamePolicy=
2330 setting in the [Link] section of .link files determines the
2331 priority of possible naming schemes (onboard, slot, mac,
2332 path). The default value of this setting is determined by
2333 /usr/lib/net/links/99-default.link. Old
2334 80-net-name-slot.rules udev configuration file has been
2335 removed, so local configuration overriding this file should
2336 be adapted to override 99-default.link instead.
2337
e49b5aad 2338 * When the User= switch is used in a unit file, also
4c2413bf 2339 initialize $SHELL= based on the user database entry.
e49b5aad
LP
2340
2341 * systemd no longer depends on libdbus. All communication is
2342 now done with sd-bus, systemd's low-level bus library
2343 implementation.
2344
2345 * kdbus support has been added to PID 1 itself. When kdbus is
4c2413bf 2346 enabled, this causes PID 1 to set up the system bus and
e49b5aad
LP
2347 enable support for a new ".busname" unit type that
2348 encapsulates bus name activation on kdbus. It works a little
2349 bit like ".socket" units, except for bus names. A new
2350 generator has been added that converts classic dbus1 service
2351 activation files automatically into native systemd .busname
2352 and .service units.
2353
2354 * sd-bus: add a light-weight vtable implementation that allows
2355 defining objects on the bus with a simple static const
2356 vtable array of its methods, signals and properties.
2357
8b7d0494 2358 * systemd will not generate or install static dbus
e49b5aad 2359 introspection data anymore to /usr/share/dbus-1/interfaces,
1e190502 2360 as the precise format of these files is unclear, and
e49b5aad
LP
2361 nothing makes use of it.
2362
2363 * A proxy daemon is now provided to proxy clients connecting
2364 via classic D-Bus AF_UNIX sockets to kdbus, to provide full
2365 compatibility with classic D-Bus.
2366
2367 * A bus driver implementation has been added that supports the
2368 classic D-Bus bus driver calls on kdbus, also for
2369 compatibility purposes.
2370
2371 * A new API "sd-event.h" has been added that implements a
2372 minimal event loop API built around epoll. It provides a
2373 couple of features that direct epoll usage is lacking:
b9761003 2374 prioritization of events, scales to large numbers of timer
e49b5aad
LP
2375 events, per-event timer slack (accuracy), system-wide
2376 coalescing of timer events, exit handlers, watchdog
2377 supervision support using systemd's sd_notify() API, child
2378 process handling.
2379
2380 * A new API "sd-rtnl.h" has been added that provides an API
2381 around the route netlink interface of the kernel, similar in
2382 style to "sd-bus.h".
2383
7e95eda5
PF
2384 * A new API "sd-dhcp-client.h" has been added that provides a
2385 small DHCPv4 client-side implementation. This is used by
e49b5aad
LP
2386 "systemd-networkd".
2387
4c2413bf 2388 * There is a new kernel command line option
8b7d0494
JSJ
2389 "systemd.restore_state=0|1". When set to "0", none of the
2390 systemd tools will restore saved runtime state to hardware
2391 devices. More specifically, the rfkill and backlight states
2392 are not restored.
e49b5aad
LP
2393
2394 * The FsckPassNo= compatibility option in mount/service units
2395 has been removed. The fstab generator will now add the
2396 necessary dependencies automatically, and does not require
2397 PID1's support for that anymore.
2398
8b7d0494 2399 * journalctl gained a new switch, --list-boots, that lists
e49b5aad
LP
2400 recent boots with their times and boot IDs.
2401
2402 * The various tools like systemctl, loginctl, timedatectl,
2403 busctl, systemd-run, ... have gained a new switch "-M" to
2404 connect to a specific, local OS container (as direct
2405 connection, without requiring SSH). This works on any
2406 container that is registered with machined, such as those
2407 created by libvirt-lxc or nspawn.
2408
2409 * systemd-run and systemd-analyze also gained support for "-H"
4c2413bf 2410 to connect to remote hosts via SSH. This is particularly
8b7d0494
JSJ
2411 useful for systemd-run because it enables queuing of jobs
2412 onto remote systems.
e49b5aad
LP
2413
2414 * machinectl gained a new command "login" to open a getty
2415 login in any local container. This works with any container
2416 that is registered with machined (such as those created by
8e420494 2417 libvirt-lxc or nspawn), and which runs systemd inside.
e49b5aad
LP
2418
2419 * machinectl gained a new "reboot" command that may be used to
2420 trigger a reboot on a specific container that is registered
2421 with machined. This works on any container that runs an init
2422 system of some kind.
2423
2424 * systemctl gained a new "list-timers" command to print a nice
2425 listing of installed timer units with the times they elapse
2426 next.
2427
2428 * Alternative reboot() parameters may now be specified on the
2429 "systemctl reboot" command line and are passed to the
2430 reboot() system call.
2431
2432 * systemctl gained a new --job-mode= switch to configure the
2433 mode to queue a job with. This is a more generic version of
8b7d0494 2434 --fail, --irreversible, and --ignore-dependencies, which are
e49b5aad
LP
2435 still available but not advertised anymore.
2436
e49b5aad
LP
2437 * /etc/systemd/system.conf gained new settings to configure
2438 various default timeouts of units, as well as the default
b9761003 2439 start limit interval and burst. These may still be overridden
e49b5aad
LP
2440 within each Unit.
2441
270f1624
LP
2442 * PID1 will now export on the bus profile data of the security
2443 policy upload process (such as the SELinux policy upload to
8e420494 2444 the kernel).
e49b5aad 2445
4670e9d5 2446 * journald: when forwarding logs to the console, include
1e190502
ZJS
2447 timestamps (following the setting in
2448 /sys/module/printk/parameters/time).
e49b5aad
LP
2449
2450 * OnCalendar= in timer units now understands the special
2451 strings "yearly" and "annually". (Both are equivalent)
2452
2453 * The accuracy of timer units is now configurable with the new
2454 AccuracySec= setting. It defaults to 1min.
2455
2456 * A new dependency type JoinsNamespaceOf= has been added that
2457 allows running two services within the same /tmp and network
2458 namespace, if PrivateNetwork= or PrivateTmp= are used.
2459
2460 * A new command "cat" has been added to systemctl. It outputs
2461 the original unit file of a unit, and concatenates the
1e190502
ZJS
2462 contents of additional "drop-in" unit file snippets, so that
2463 the full configuration is shown.
e49b5aad
LP
2464
2465 * systemctl now supports globbing on the various "list-xyz"
2466 commands, like "list-units" or "list-sockets", as well as on
1e190502
ZJS
2467 those commands which take multiple unit names.
2468
2469 * journalctl's --unit= switch gained support for globbing.
e49b5aad
LP
2470
2471 * All systemd daemons now make use of the watchdog logic so
2472 that systemd automatically notices when they hang.
2473
4c2413bf 2474 * If the $container_ttys environment variable is set,
e49b5aad
LP
2475 getty-generator will automatically spawn a getty for each
2476 listed tty. This is useful for container managers to request
2477 login gettys to be spawned on as many ttys as needed.
2478
2479 * %h, %s, %U specifier support is not available anymore when
2480 used in unit files for PID 1. This is because NSS calls are
2481 not safe from PID 1. They stay available for --user
2482 instances of systemd, and as special case for the root user.
2483
e49b5aad
LP
2484 * loginctl gained a new "--no-legend" switch to turn off output
2485 of the legend text.
2486
2487 * The "sd-login.h" API gained three new calls:
2488 sd_session_is_remote(), sd_session_get_remote_user(),
2489 sd_session_get_remote_host() to query information about
2490 remote sessions.
2491
8e420494
LP
2492 * The udev hardware database now also carries vendor/product
2493 information of SDIO devices.
e49b5aad
LP
2494
2495 * The "sd-daemon.h" API gained a new sd_watchdog_enabled() to
2496 determine whether watchdog notifications are requested by
2497 the system manager.
2498
1e190502 2499 * Socket-activated per-connection services now include a
e49b5aad
LP
2500 short description of the connection parameters in the
2501 description.
2502
4c2413bf 2503 * tmpfiles gained a new "--boot" option. When this is not used,
e49b5aad 2504 only lines where the command character is not suffixed with
4670e9d5 2505 "!" are executed. When this option is specified, those
1e190502
ZJS
2506 options are executed too. This partitions tmpfiles
2507 directives into those that can be safely executed at any
2508 time, and those which should be run only at boot (for
2509 example, a line that creates /run/nologin).
e49b5aad 2510
c0c5af00 2511 * A new API "sd-resolve.h" has been added which provides a simple
4c2413bf 2512 asynchronous wrapper around glibc NSS host name resolution
e49b5aad 2513 calls, such as getaddrinfo(). In contrast to glibc's
4c2413bf
JE
2514 getaddrinfo_a(), it does not use signals. In contrast to most
2515 other asynchronous name resolution libraries, this one does
2516 not reimplement DNS, but reuses NSS, so that alternate
e49b5aad 2517 host name resolution systems continue to work, such as mDNS,
8b7d0494 2518 LDAP, etc. This API is based on libasyncns, but it has been
e49b5aad
LP
2519 cleaned up for inclusion in systemd.
2520
6300b3ec
LP
2521 * The APIs "sd-journal.h", "sd-login.h", "sd-id128.h",
2522 "sd-daemon.h" are no longer found in individual libraries
2523 libsystemd-journal.so, libsystemd-login.so,
2524 libsystemd-id128.so, libsystemd-daemon.so. Instead, we have
8b7d0494
JSJ
2525 merged them into a single library, libsystemd.so, which
2526 provides all symbols. The reason for this is cyclic
e49b5aad 2527 dependencies, as these libraries tend to use each other's
d28315e4 2528 symbols. So far, we have managed to work around that by linking
6300b3ec
LP
2529 a copy of a good part of our code into each of these
2530 libraries again and again, which, however, makes certain
2531 things hard to do, like sharing static variables. Also, it
2532 substantially increases footprint. With this change, there
2533 is only one library for the basic APIs systemd
2534 provides. Also, "sd-bus.h", "sd-memfd.h", "sd-event.h",
2535 "sd-rtnl.h", "sd-resolve.h", "sd-utf8.h" are found in this
2536 library as well, however are subject to the --enable-kdbus
2537 switch (see below). Note that "sd-dhcp-client.h" is not part
2538 of this library (this is because it only consumes, never
2539 provides, services of/to other APIs). To make the transition
8b7d0494 2540 easy from the separate libraries to the unified one, we
4c2413bf 2541 provide the --enable-compat-libs compile-time switch which
e49b5aad
LP
2542 will generate stub libraries that are compatible with the
2543 old ones but redirect all calls to the new one.
2544
8b7d0494 2545 * All of the kdbus logic and the new APIs "sd-bus.h",
e49b5aad 2546 "sd-memfd.h", "sd-event.h", "sd-rtnl.h", "sd-resolve.h",
8b7d0494
JSJ
2547 and "sd-utf8.h" are compile-time optional via the
2548 "--enable-kdbus" switch, and they are not compiled in by
2549 default. To make use of kdbus, you have to explicitly enable
4c2413bf 2550 the switch. Note however, that neither the kernel nor the
e49b5aad
LP
2551 userspace API for all of this is considered stable yet. We
2552 want to maintain the freedom to still change the APIs for
4c2413bf 2553 now. By specifying this build-time switch, you acknowledge
e49b5aad 2554 that you are aware of the instability of the current
ad42cf73
KS
2555 APIs.
2556
2557 * Also, note that while kdbus is pretty much complete,
e49b5aad 2558 it lacks one thing: proper policy support. This means you
8b7d0494 2559 can build a fully working system with all features; however,
4c2413bf
JE
2560 it will be highly insecure. Policy support will be added in
2561 one of the next releases, at the same time that we will
2562 declare the APIs stable.
e49b5aad 2563
81c7dd89 2564 * When the kernel command line argument "kdbus" is specified,
ad42cf73 2565 systemd will automatically load the kdbus.ko kernel module. At
8b7d0494 2566 this stage of development, it is only useful for testing kdbus
ad42cf73 2567 and should not be used in production. Note: if "--enable-kdbus"
8b7d0494 2568 is specified, and the kdbus.ko kernel module is available, and
ad42cf73
KS
2569 "kdbus" is added to the kernel command line, the entire system
2570 runs with kdbus instead of dbus-daemon, with the above mentioned
2571 problem of missing the system policy enforcement. Also a future
2572 version of kdbus.ko or a newer systemd will not be compatible with
2573 each other, and will likely be unable to boot the machine if only
2574 one of them is updated.
2575
e49b5aad 2576 * systemctl gained a new "import-environment" command which
4c2413bf 2577 uploads the caller's environment (or parts thereof) into the
e49b5aad
LP
2578 service manager so that it is inherited by services started
2579 by the manager. This is useful to upload variables like
2580 $DISPLAY into the user service manager.
2581
2582 * A new PrivateDevices= switch has been added to service units
2583 which allows running a service with a namespaced /dev
2584 directory that does not contain any device nodes for
4c2413bf 2585 physical devices. More specifically, it only includes devices
8b7d0494 2586 such as /dev/null, /dev/urandom, and /dev/zero which are API
e49b5aad
LP
2587 entry points.
2588
2589 * logind has been extended to support behaviour like VT
2590 switching on seats that do not support a VT. This makes
2591 multi-session available on seats that are not the first seat
2592 (seat0), and on systems where kernel support for VTs has
8b7d0494 2593 been disabled at compile-time.
e49b5aad
LP
2594
2595 * If a process holds a delay lock for system sleep or shutdown
1e190502 2596 and fails to release it in time, we will now log its
e49b5aad
LP
2597 identity. This makes it easier to identify processes that
2598 cause slow suspends or power-offs.
2599
1e190502
ZJS
2600 * When parsing /etc/crypttab, support for a new key-slot=
2601 option as supported by Debian is added. It allows indicating
2602 which LUKS slot to use on disk, speeding up key loading.
e49b5aad 2603
1e190502
ZJS
2604 * The sd_journal_sendv() API call has been checked and
2605 officially declared to be async-signal-safe so that it may
2606 be invoked from signal handlers for logging purposes.
e49b5aad
LP
2607
2608 * Boot-time status output is now enabled automatically after a
2609 short timeout if boot does not progress, in order to give
8e420494 2610 the user an indication of what she or he is waiting for.
1e190502
ZJS
2611
2612 * The boot-time output has been improved to show how much time
2613 remains until jobs expire.
e49b5aad
LP
2614
2615 * The KillMode= switch in service units gained a new possible
8b7d0494 2616 value "mixed". If set, and the unit is shut down, then the
e49b5aad 2617 initial SIGTERM signal is sent only to the main daemon
8e420494 2618 process, while the following SIGKILL signal is sent to
e49b5aad
LP
2619 all remaining processes of the service.
2620
4c2413bf
JE
2621 * When a scope unit is registered, a new property "Controller"
2622 may be set. If set to a valid bus name, systemd will send a
e49b5aad
LP
2623 RequestStop() signal to this name when it would like to shut
2624 down the scope. This may be used to hook manager logic into
2625 the shutdown logic of scope units. Also, scope units may now
8b7d0494 2626 be put in a special "abandoned" state, in which case the
e49b5aad
LP
2627 manager process which created them takes no further
2628 responsibility for them.
2629
1e190502 2630 * When reading unit files, systemd will now verify
e49b5aad
LP
2631 the access mode of these files, and warn about certain
2632 suspicious combinations. This has been added to make it
2633 easier to track down packaging bugs where unit files are
2634 marked executable or world-writable.
2635
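The access-mode check described above can also be run by packagers before shipping. This is an added example, not systemd's own code: it assumes the two conditions named in the entry (executable, world-writable) are the ones of interest, and the suffix list and default directories are assumptions of the example.

```python
import os
import stat
import sys

# Assumption of this example: files with these suffixes are treated as unit
# files or drop-in snippets. The list is illustrative, not systemd's own.
UNIT_SUFFIXES = (
    ".service", ".socket", ".target", ".mount", ".automount", ".swap",
    ".path", ".timer", ".slice", ".scope", ".device", ".conf",
)


def suspicious_mode(mode):
    """Return the reasons a unit file's permission bits look wrong."""
    reasons = []
    # Unit files are configuration, never programs: any execute bit is a
    # packaging mistake.
    if mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("executable")
    # A world-writable unit file lets any local user change what the
    # service manager runs.
    if mode & stat.S_IWOTH:
        reasons.append("world-writable")
    return reasons


def audit_unit_files(root):
    """Walk `root` and return {relative_path: [reasons]} for flagged files."""
    findings = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            if not name.endswith(UNIT_SUFFIXES):
                continue
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Enablement symlinks (for example under *.wants/) always report
            # mode 0777 on Linux. Skip them; the target is audited where it
            # actually lives.
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = suspicious_mode(st.st_mode)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


if __name__ == "__main__":
    # Default directories are an assumption; pass others on the command line.
    roots = sys.argv[1:] or ["/etc/systemd/system", "/usr/lib/systemd/system"]
    for root in roots:
        for rel, reasons in sorted(audit_unit_files(root).items()):
            print(f"{os.path.join(root, rel)}: {', '.join(reasons)}")
```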
2636 * systemd-nspawn gained a new "--setenv=" switch to set
8b7d0494 2637 container-wide environment variables. The similar option in
1e190502
ZJS
2638 systemd-activate was renamed from "--environment=" to
2639 "--setenv=" for consistency.
e49b5aad
LP
2640
2641 * systemd-nspawn has been updated to create a new kdbus domain
2642 for each container that is invoked, thus allowing each
b9761003 2643 container to have its own set of system and user buses,
8b7d0494 2644 independent of the host.
e49b5aad
LP
2645
2646 * systemd-nspawn gained a new --drop-capability= switch to run
2647 the container with fewer capabilities than the default. Both
b9761003 2648 --drop-capability= and --capability= now take the special
e49b5aad
LP
2649 string "all" for dropping or keeping all capabilities.
2650
2651 * systemd-nspawn gained new switches for executing containers
2652 with specific SELinux labels set.
2653
2654 * systemd-nspawn gained a new --quiet switch to not generate
2655 any additional output but the container's own console
2656 output.
2657
2658 * systemd-nspawn gained a new --share-system switch to run a
2659 container without PID namespacing enabled.
2660
2661 * systemd-nspawn gained a new --register= switch to control
1e190502 2662 whether the container is registered with systemd-machined or
8e420494 2663 not. This is useful for containers that do not run full
e49b5aad
LP
2664 OS images, but only specific apps.
2665
2666 * systemd-nspawn gained a new --keep-unit switch which may be used
8b7d0494 2667 when invoked as the only program from a service unit, and
e49b5aad 2668 results in registration of the unit service itself in
1e190502 2669 systemd-machined, instead of a newly opened scope unit.
e49b5aad
LP
2670
2671 * systemd-nspawn gained a new --network-interface= switch for
2672 moving arbitrary interfaces to the container. The new
4c2413bf 2673 --network-veth switch creates a virtual Ethernet connection
8b7d0494
JSJ
2674 between host and container. The new --network-bridge=
2675 switch then allows assigning the host side of this virtual
2676 Ethernet connection to a bridge device.
e49b5aad 2677
6afc95b7
LP
2678 * systemd-nspawn gained a new --personality= switch for
2679 setting the kernel personality for the container. This is
70a44afe 2680 useful when running a 32-bit container on a 64-bit host. A
b8bde116
JE
2681 similar option Personality= is now also available for service
2682 units to use.
6afc95b7 2683
e49b5aad
LP
2684 * logind will now also track a "Desktop" identifier for each
2685 session which encodes the desktop environment of it. This is
2686 useful for desktop environments that want to identify
2687 multiple running sessions of themselves easily.
2688
2689 * A new SELinuxContext= setting for service units has been
2690 added that allows setting a specific SELinux execution
2691 context for a service.
2692
2693 * Most systemd client tools will now honour $SYSTEMD_LESS for
2694 settings of the "less" pager. By default, these tools will
8b7d0494
JSJ
2695 override $LESS to allow certain operations to work, such as
2696 jump-to-the-end. With $SYSTEMD_LESS, it is possible to
e49b5aad
LP
2697 influence this logic.
2698
2699 * systemd's "seccomp" hook-up has been changed to make use of
2700 the libseccomp library instead of using its own
2701 implementation. This has benefits for portability among
2702 other things.
2703
4c2413bf 2704 * For usage together with SystemCallFilter=, a new
8b7d0494 2705 SystemCallErrorNumber= setting has been introduced that
b8bde116
JE
2706 allows configuration of a system error number to be returned
2707 on filtered system calls, instead of immediately killing the
e49b5aad
LP
2708 process. Also, SystemCallArchitectures= has been added to
2709 limit access to system calls of a particular architecture
2710 (in order to turn off support for unused secondary
4c2413bf 2711 architectures). There is also a global
8b7d0494 2712 SystemCallArchitectures= setting in system.conf now to turn
e49b5aad
LP
2713 off support for non-native system calls system-wide.
2714
210054d7
KS
2715 * systemd requires a kernel with a working name_to_handle_at();
2716 please see the kernel config requirements in the README file.
2717
e49b5aad
LP
2718 Contributions from: Adam Williamson, Alex Jia, Anatol Pomozov,
2719 Ansgar Burchardt, AppleBloom, Auke Kok, Bastien Nocera,
2720 Chengwei Yang, Christian Seiler, Colin Guthrie, Colin Walters,
2721 Cristian Rodríguez, Daniel Buch, Daniele Medri, Daniel J
2722 Walsh, Daniel Mack, Dan McGee, Dave Reisner, David Coppa,
2723 David Herrmann, David Strauss, Djalal Harouni, Dmitry Pisklov,
2724 Elia Pinto, Florian Weimer, George McCollister, Goffredo
2725 Baroncelli, Greg Kroah-Hartman, Hendrik Brueckner, Igor
2726 Zhbanov, Jan Engelhardt, Jan Janssen, Jason A. Donenfeld,
2727 Jason St. John, Jasper St. Pierre, Jóhann B. Guðmundsson, Jose
2728 Ignacio Naranjo, Karel Zak, Kay Sievers, Kristian Høgsberg,
2729 Lennart Poettering, Lubomir Rintel, Lukas Nykryn, Lukasz
2730 Skalski, Łukasz Stelmach, Luke Shumaker, Mantas Mikulėnas,
2731 Marc-Antoine Perennou, Marcel Holtmann, Marcos Felipe Rasia de
2732 Mello, Marko Myllynen, Martin Pitt, Matthew Monaco, Michael
2733 Marineau, Michael Scherer, Michał Górny, Michal Sekletar,
2734 Michele Curti, Oleksii Shevchuk, Olivier Brunel, Patrik Flykt,
2735 Pavel Holica, Raudi, Richard Marko, Ronny Chevalier, Sébastien
2736 Luttringer, Sergey Ptashnick, Shawn Landden, Simon Peeters,
2737 Stefan Beller, Susant Sahani, Sylvain Plantefeve, Sylvia Else,
2738 Tero Roponen, Thomas Bächler, Thomas Hindoe Paaboel Andersen,
2739 Tom Gundersen, Umut Tezduyar Lindskog, Unai Uribarri, Václav
2740 Pavlín, Vincent Batts, WaLyong Cho, William Giokas, Yang
2741 Zhiyong, Yin Kangkai, Yuxuan Shui, Zbigniew Jędrzejewski-Szmek
2742
6300b3ec 2743 -- Berlin, 2014-02-20
e49b5aad 2744
cd4010b3
LP
2745CHANGES WITH 208:
2746
2747 * logind has gained support for facilitating privileged input
2748 and drm device access for unprivileged clients. This work is
2749 useful to allow Wayland display servers (and similar
2750 programs, such as kmscon) to run under the user's ID and
2751 access input and drm devices which are normally
2752 protected. When this is used (and the kernel is new enough)
2753 logind will "mute" IO on the file descriptors passed to
2754 Wayland as long as it is in the background and "unmute" it
2755 if it returns into the foreground. This allows secure
2756 session switching without allowing background sessions to
2757 eavesdrop on input and display data. This also introduces
2758 session switching support if VT support is turned off in the
2759 kernel, and on seats that are not seat0.
2760
2761 * A new kernel command line option luks.options= is understood
06b643e7 2762 now which allows specifying LUKS options for the LUKS
cd4010b3
LP
2763 encrypted partitions specified with luks.uuid=.
2764
2765 * tmpfiles.d(5) snippets may now use specifier expansion in
2766 path names. More specifically %m, %b, %H, %v, are now
2767 replaced by the local machine id, boot id, hostname, and
2768 kernel version number.
2769
2770 * A new tmpfiles.d(5) command "m" has been introduced which
2771 may be used to change the owner/group/access mode of a file
d28315e4 2772 or directory if it exists, but do nothing if it does not.
cd4010b3
LP
2773
2774 * This release removes high-level support for the
2775 MemorySoftLimit= cgroup setting. The underlying kernel
2776 cgroup attribute memory.soft_limit= is currently badly
2777 designed and likely to be removed from the kernel API in its
d28315e4 2778 current form, hence we should not expose it for now.
cd4010b3
LP
2779
2780 * The memory.use_hierarchy cgroup attribute is now enabled for
2781 all cgroups systemd creates in the memory cgroup
2782 hierarchy. This option is likely to become the built-in
cc98b302
TH
2783 default in the kernel anyway, and the non-hierarchical mode
2784 never made much sense in the intrinsically hierarchical
cd4010b3
LP
2785 cgroup system.
2786
2787 * A new field _SYSTEMD_SLICE= is logged along with all journal
2788 messages containing the slice a message was generated
2789 from. This is useful to allow easy per-customer filtering of
2790 logs among other things.
2791
2792 * systemd-journald will no longer adjust the group of journal
2793 files it creates to the "systemd-journal" group. Instead we
2794 rely on the journal directory to be owned by the
2795 "systemd-journal" group, and its setgid bit set, so that the
2796 kernel file system layer will automatically enforce that
2797 journal files inherit this group assignment. The reason for
2798 this change is that we cannot allow NSS look-ups from
2799 journald which would be necessary to resolve
2800 "systemd-journal" to a numeric GID, because this might
2801 create deadlocks if NSS involves synchronous queries to
2802 other daemons (such as nscd, or sssd) which in turn are
2803 logging clients of journald and might block on it, which
2804 would then deadlock. A tmpfiles.d(5) snippet included in
2805 systemd will make sure the setgid bit and group are
2806 properly set on the journal directory if it exists on every
2807 boot. However, we recommend adjusting it manually after
2808 upgrades too (or from RPM scriptlets), so that the change is
2809 not delayed until next reboot.
2810
2811 * Backlight and random seed files in /var/lib/ have moved into
2812 the /var/lib/systemd/ directory, in order to centralize all
2813 systemd generated files in one directory.
2814
2815 * Boot time performance measurements (as displayed by
2816 "systemd-analyze" for example) will now read ACPI 5.0 FPDT
2817 performance information if that's available to determine how
2818 much time BIOS and boot loader initialization required. With
2819 a sufficiently new BIOS you hence no longer need to boot
2820 with Gummiboot to get access to such information.
2821
2822 Contributions from: Andrey Borzenkov, Chen Jie, Colin Walters,
2823 Cristian Rodríguez, Dave Reisner, David Herrmann, David
2824 Mackey, David Strauss, Eelco Dolstra, Evan Callicoat, Gao
2825 feng, Harald Hoyer, Jimmie Tauriainen, Kay Sievers, Lennart
2826 Poettering, Lukas Nykryn, Mantas Mikulėnas, Martin Pitt,
2827 Michael Scherer, Michał Górny, Mike Gilbert, Patrick McCarty,
2828 Sebastian Ott, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
2829
2830 -- Berlin, 2013-10-02
2831
4f0be680
LP
2832CHANGES WITH 207:
2833
2834 * The Restart= option for services now understands a new
f3a165b0 2835 on-watchdog setting, which will restart the service
4f0be680
LP
2836 automatically if the service stops sending out watchdog keep
2837 alive messages (as configured with WatchdogSec=).
2838
2839 * The getty generator (which is responsible for bringing up a
2840 getty on configured serial consoles) will no longer only
2841 start a getty on the primary kernel console but on all
2842 others, too. This makes the order in which console= is
2843 specified on the kernel command line less important.
2844
2845 * libsystemd-logind gained a new sd_session_get_vt() call to
2846 retrieve the VT number of a session.
2847
2848 * If the option "tries=0" is set for an entry of /etc/crypttab
2849 its passphrase is queried indefinitely instead of any
2850 maximum number of tries.
2851
2852 * If a service with a configured PID file terminates, its PID
2853 file will now be removed automatically if it still exists
2854 afterwards. This should put an end to stale PID files.
2855
2856 * systemd-run will now also take relative binary path names
2857 for execution and no longer insists on absolute paths.
2858
2859 * InaccessibleDirectories= and ReadOnlyDirectories= now take
2860 paths that are optionally prefixed with "-" to indicate that
d28315e4 2861 it should not be considered a failure if they do not exist.
4f0be680 2862
f3a165b0
KS
2863 * journalctl -o (and similar commands) now understands a new
2864 output mode "short-precise"; it is similar to "short" but
4f0be680
LP
2865 shows timestamps with usec accuracy.
2866
2867 * The option "discard" (as known from Debian) is now
2868 synonymous with "allow-discards" in /etc/crypttab. In fact,
387abf80 2869 "discard" is preferred now (since it is easier to remember
4f0be680
LP
2870 and type).
2871
f3a165b0 2872 * Some licensing clean-ups were made, so that more code is now
4f0be680
LP
2873 LGPL-2.1 licensed than before.
2874
2875 * A minimal tool to save/restore the display backlight
2876 brightness across reboots has been added. It will store the
f3a165b0 2877 backlight setting as late as possible at shutdown, and
4f0be680
LP
2878 restore it as early as possible during reboot.
2879
2880 * Logic to automatically discover and enable home and swap
2881 partitions on GPT disks has been added. With this in place
2882 /etc/fstab becomes optional for many setups as systemd can
2883 discover certain partitions located on the root disk
2884 automatically. Home partitions are recognized under their
2885 GPT type ID 933ac7e12eb44f13b8440e14e2aef915. Swap
2886 partitions are recognized under their GPT type ID
2887 0657fd6da4ab43c484e50933c84b4f4f.
2888
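To audit which partitions on a disk this auto-discovery would pick up, the type IDs above have to be compared against the on-disk GPT entries, where the first three GUID fields are stored little-endian. This is an added example, not systemd's code: it classifies a constructed partition entry array using the standard 128-byte GPT entry layout, and reading the array from a real disk is left out.

```python
import struct
import uuid

# GPT partition type IDs quoted in the NEWS entry above.
HOME_TYPE = uuid.UUID(hex="933ac7e12eb44f13b8440e14e2aef915")
SWAP_TYPE = uuid.UUID(hex="0657fd6da4ab43c484e50933c84b4f4f")
ROLES = {HOME_TYPE: "home", SWAP_TYPE: "swap"}

# Standard GPT partition entry: type GUID, unique GUID, first LBA, last LBA,
# attribute flags, partition name (36 UTF-16LE code units).
ENTRY_FORMAT = "<16s16sQQQ72s"
ENTRY_SIZE = struct.calcsize(ENTRY_FORMAT)  # 128 bytes


def parse_entries(blob, entry_size=ENTRY_SIZE):
    """Decode a GPT partition entry array into a list of dicts."""
    if entry_size < ENTRY_SIZE or len(blob) % entry_size:
        raise ValueError("partition entry array is truncated or misaligned")
    parts = []
    for index in range(len(blob) // entry_size):
        start = index * entry_size
        raw = blob[start:start + ENTRY_SIZE]
        type_raw, _unique, first, last, _attrs, name_raw = struct.unpack(
            ENTRY_FORMAT, raw)
        if type_raw == bytes(16):
            continue  # all-zero type GUID marks an unused slot
        # bytes_le undoes the mixed-endian on-disk encoding. Comparing the
        # raw 16 bytes against the printed hex string would never match.
        type_id = uuid.UUID(bytes_le=type_raw)
        name = name_raw.decode("utf-16-le", errors="replace").split("\x00", 1)[0]
        parts.append({
            "number": index + 1,
            "type": type_id,
            "role": ROLES.get(type_id),
            "first_lba": first,
            "last_lba": last,
            "name": name,
        })
    return parts


def auto_discoverable(blob):
    """Return (partition number, role) for entries matching a known type ID."""
    return [(p["number"], p["role"]) for p in parse_entries(blob) if p["role"]]


def make_entry(type_id, first, last, name):
    """Build one constructed sample entry (test data, not read from a disk)."""
    unique = uuid.UUID(int=first)  # constructed placeholder unique GUID
    return struct.pack(ENTRY_FORMAT, type_id.bytes_le, unique.bytes_le,
                       first, last, 0, name.encode("utf-16-le"))


# Constructed sample: an unrelated partition, a home partition, an unused
# slot, and a swap partition. OTHER_TYPE is a made-up type ID.
OTHER_TYPE = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_ARRAY = (
    make_entry(OTHER_TYPE, 2048, 4095, "boot")
    + make_entry(HOME_TYPE, 4096, 1052671, "home")
    + bytes(ENTRY_SIZE)
    + make_entry(SWAP_TYPE, 1052672, 2101247, "swap")
)

if __name__ == "__main__":
    for number, role in auto_discoverable(SAMPLE_ARRAY):
        print(f"partition {number}: would be auto-discovered as {role}")
```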
2889 * systemd will no longer pass any environment from the kernel
2890 or initrd to system services. If you want to set an
2891 environment for all services, do so via the kernel command
2892 line systemd.setenv= assignment.
2893
387abf80
LP
2894 * The systemd-sysctl tool no longer natively reads the file
2895 /etc/sysctl.conf. If desired, the file should be symlinked
2896 from /etc/sysctl.d/99-sysctl.conf. Apart from providing
2897 legacy support by a symlink rather than built-in code, it
2898 also makes the otherwise hidden order of application of the
2899 different files visible. (Note that this partly reverts to a
2900 pre-198 application order of sysctl knobs!)
04bf3c1a 2901
4f0be680
LP
2902 * The "systemctl set-log-level" and "systemctl dump" commands
2903 have been moved to systemd-analyze.
2904
2905 * systemd-run learned the new --remain-after-exit switch,
2906 which causes the scope unit not to be cleaned up
2907 automatically after the process terminated.
2908
2909 * tmpfiles learned a new --exclude-prefix= switch to exclude
2910 certain paths from operation.
2911
2912 * journald will now automatically flush all messages to disk
f47ad593
ZJS
2913 as soon as a message at the log level CRIT, ALERT or EMERG
2914 is received.
4f0be680
LP
2915
2916 Contributions from: Andrew Cook, Brandon Philips, Christian
2917 Hesse, Christoph Junghans, Colin Walters, Daniel Schaal,
2918 Daniel Wallace, Dave Reisner, David Herrmann, Gao feng, George
2919 McCollister, Giovanni Campagna, Hannes Reinecke, Harald Hoyer,
2920 Herczeg Zsolt, Holger Hans Peter Freyther, Jan Engelhardt,
2921 Jesper Larsen, Kay Sievers, Khem Raj, Lennart Poettering,
2922 Lukas Nykryn, Maciej Wereski, Mantas Mikulėnas, Marcel
2923 Holtmann, Martin Pitt, Michael Biebl, Michael Marineau,
2924 Michael Scherer, Michael Stapelberg, Michal Sekletar, Michał
2925 Górny, Olivier Brunel, Ondrej Balaz, Ronny Chevalier, Shawn
2926 Landden, Steven Hiscocks, Thomas Bächler, Thomas Hindoe
2927 Paaboel Andersen, Tom Gundersen, Umut Tezduyar, WANG Chao,
2928 William Giokas, Zbigniew Jędrzejewski-Szmek
2929
2930 -- Berlin, 2013-09-13
2931
408f281b
LP
2932CHANGES WITH 206:
2933
2934 * The documentation has been updated to cover the various new
2935 concepts introduced with 205.
2936
2937 * Unit files now understand the new %v specifier which
2938 resolves to the kernel version string as returned by "uname
2939 -r".
2940
2941 * systemctl now supports filtering the unit list output by
2942 load state, active state and sub state, using the new
33b521be 2943 --state= parameter.
408f281b
LP
2944
2945 * "systemctl status" will now show the results of the
2946 condition checks (like ConditionPathExists= and similar) of
2947 the last start attempts of the unit. They are also logged to
2948 the journal.
2949
2950 * "journalctl -b" may now be used to look for boot output of a
2951 specific boot. Try "journalctl -b -1" for the previous boot,
2952 but the syntax is substantially more powerful.
2953
2954 * "journalctl --show-cursor" has been added which prints the
2955 cursor string of the last shown log line. This may then be used
2956 with the new "journalctl --after-cursor=" switch to continue
2957 browsing logs from that point on.
2958
2959 * "journalctl --force" may now be used to force regeneration
2960 of an FSS key.
2961
251cc819
LP
2962 * Creation of "dead" device nodes has been moved from udev
2963 into kmod and tmpfiles. Previously, udev would read the kmod
2964 databases to pre-generate dead device nodes based on meta
2965 information contained in kernel modules, so that these would
2966 be auto-loaded on access rather than at boot. As this
d28315e4 2967 does not really have much to do with exposing actual
251cc819
LP
2968 kernel devices to userspace this has always been slightly
2969 alien in the udev codebase. Following the new scheme kmod
2970 will now generate a runtime snippet for tmpfiles from the
2971 module meta information and it now is tmpfiles' job to
2972 create the nodes. This also allows overriding access and
2973 other parameters for the nodes using the usual tmpfiles
2974 facilities. As a side effect this allows us to remove the
2975 CAP_SYS_MKNOD capability bit from udevd entirely.
2976
2977 * logind's device ACLs may now be applied to these "dead"
2978 device nodes too, thus finally allowing managed access to
2979 devices such as /dev/snd/sequencer without loading the
2980 backing module right away.
408f281b
LP
2981
2982 * A new RPM macro has been added that may be used to apply
2983 tmpfiles configuration during package installation.
2984
2985 * systemd-detect-virt and ConditionVirtualization= now can
2986 detect User-Mode-Linux machines (UML).
2987
251cc819
LP
2988 * journald will now implicitly log the effective capabilities
2989 set of processes in the message metadata.
408f281b
LP
2990
2991 * systemd-cryptsetup has gained support for TrueCrypt volumes.
2992
2993 * The initrd interface has been simplified (more specifically,
2994 support for passing performance data via environment
2995 variables and fsck results via files in /run has been
2996 removed). These features were non-essential, and are
2997 nowadays available in a much nicer way by having systemd in
2998 the initrd serialize its state and have the host's systemd
2999 deserialize it again.
3000
28f5c779
KS
3001 * The udev "keymap" data files and tools to apply keyboard
3002 specific mappings of scan to key codes, and force-release
3003 scan code lists have been entirely replaced by a udev
3004 "keyboard" builtin and a hwdb data file.
408f281b 3005
251cc819
LP
3006 * systemd will now honour the kernel's "quiet" command line
3007 argument also during late shutdown, resulting in a
3008 completely silent shutdown when used.
3009
3010 * There's now an option to control the SO_REUSEPORT socket
3011 option in .socket units.
3012
3013 * Instance units will now automatically get a per-template
3014 subslice of system.slice unless something else is explicitly
3015 configured. For example, instances of sshd@.service will now
3016 implicitly be placed in system-sshd.slice rather than
3017 system.slice as before.
3018
3019 * Test coverage support may now be enabled at build time.
3020
3021 Contributions from: Dave Reisner, Frederic Crozat, Harald
3022 Hoyer, Holger Hans Peter Freyther, Jan Engelhardt, Jan
3023 Janssen, Jason St. John, Jesper Larsen, Kay Sievers, Lennart
3024 Poettering, Lukas Nykryn, Maciej Wereski, Martin Pitt, Michael
3025 Olbrich, Ramkumar Ramachandra, Ross Lagerwall, Shawn Landden,
3026 Thomas H.P. Andersen, Tom Gundersen, Tomasz Torcz, William
3027 Giokas, Zbigniew Jędrzejewski-Szmek
3028
4f0be680
LP
3029 -- Berlin, 2013-07-23
3030
00aa832b
LP
3031CHANGES WITH 205:
3032
3033 * Two new unit types have been introduced:
3034
3035 Scope units are very similar to service units, however, are
3036 created out of pre-existing processes -- instead of PID 1
3037 forking off the processes. By using scope units it is
3038 possible for system services and applications to group their
3039 own child processes (worker processes) in a powerful way
3040 which may then be used to organize them, or kill them
3041 together, or apply resource limits on them.
3042
3043 Slice units may be used to partition system resources in an
cc98b302 3044 a hierarchical fashion and then assign other units to them. By
00aa832b
LP
3045 default there are now three slices: system.slice (for all
3046 system services), user.slice (for all user sessions),
3047 machine.slice (for VMs and containers).
3048
3049 Slices and scopes have been introduced primarily in
3050 context of the work to move cgroup handling to a
3051 single-writer scheme, where only PID 1
3052 creates/removes/manages cgroups.
3053
3054 * There's a new concept of "transient" units. In contrast to
3055 normal units these units are created via an API at runtime,
3056 not from configuration from disk. More specifically this
3057 means it is now possible to run arbitrary programs as
3058 independent services, with all execution parameters passed
3059 in via bus APIs rather than read from disk. Transient units
3060 make systemd substantially more dynamic than it ever was,
3061 and useful as a general batch manager.
3062
3063 * logind has been updated to make use of scope and slice units
3064 for managing user sessions. As a user logs in he will get
3065 his own private slice unit, to which all sessions are added
3066 as scope units. We also added support for automatically
3067 adding an instance of user@.service for the user into the
3068 slice. Effectively logind will no longer create cgroup
3069 hierarchies on its own now, it will defer entirely to PID 1
3070 for this by means of scope, service and slice units. Since
3071 user sessions this way become entities managed by PID 1
3072 the output of "systemctl" is now a lot more comprehensive.
3073
3074 * A new mini-daemon "systemd-machined" has been added which
3075 may be used by virtualization managers to register local
3076 VMs/containers. nspawn has been updated accordingly, and
3077 libvirt will be updated shortly. machined will collect a bit
3078 of meta information about the VMs/containers, and assign
3079 them their own scope unit (see above). The collected
3080 meta-data is then made available via the "machinectl" tool,
3081 and exposed in "ps" and similar tools. machined/machinectl
3082 is compile-time optional.
3083
3084 * As discussed earlier, the low-level cgroup configuration
3085 options ControlGroup=, ControlGroupModify=,
3086 ControlGroupPersistent=, ControlGroupAttribute= have been
3087 removed. Please use high-level attribute settings instead as
3088 well as slice units.
3089
3090 * A new bus call SetUnitProperties() has been added to alter
3091 various runtime parameters of a unit. This is primarily
3092 useful to alter cgroup parameters dynamically in a nice way,
3093 but will be extended later on to make more properties
3094 modifiable at runtime. systemctl gained a new set-properties
3095 command that wraps this call.
3096
3097 * A new tool "systemd-run" has been added which can be used to
3098 run arbitrary command lines as transient services or scopes,
3099 while configuring a number of settings via the command
3100 line. This tool is currently very basic, however already
3101 very useful. We plan to extend this tool to even allow
3102 queuing of execution jobs with time triggers from the
3103 command line, similar in fashion to "at".
3104
3105 * nspawn will now inform the user explicitly that kernels with
3106 audit enabled break containers, and suggest that the user turn
3107 off audit.
3108
3109 * Support for detecting the IMA and AppArmor security
3110 frameworks with ConditionSecurity= has been added.
3111
3112 * journalctl gained a new "-k" switch for showing only kernel
1fda0ab5
ZJS
3113 messages, mimicking dmesg output; in addition to "--user"
3114 and "--system" switches for showing only user's own logs
3115 and system logs.
00aa832b
LP
3116
3117 * systemd-delta can now show information about drop-in
3118 snippets extending unit files.
3119
3120 * libsystemd-bus has been substantially updated but is still
3121 not available as public API.
3122
3123 * systemd will now look for the "debug" argument on the kernel
499b604b 3124 command line and enable debug logging, similar to what
00aa832b
LP
3125 "systemd.log_level=debug" already did before.
3126
3127 * "systemctl set-default" and "systemctl get-default" have been
3128 added to configure the default.target symlink, which
3129 controls what to boot into by default.
3130
1fda0ab5
ZJS
3131 * "systemctl set-log-level" has been added as a convenient
3132 way to raise and lower systemd logging threshold.
3133
00aa832b
LP
3134 * "systemd-analyze plot" will now show the time the various
3135 generators needed for execution, as well as information
3136 about the unit file loading.
3137
00aa832b
LP
3138 * libsystemd-journal gained a new sd_journal_open_files() call
3139 for opening specific journal files. journalctl also gained a
3140 new switch to expose this new functionality. Previously we
3141 only supported opening all files from a directory, or all
3142 files from the system, as opening individual files only is
3143 racy due to journal file rotation.
3144
3145 * systemd gained the new DefaultEnvironment= setting in
3146 /etc/systemd/system.conf to set environment variables for
3147 all services.
3148
3149 * If a privileged process logs a journal message with the
3150 OBJECT_PID= field set, then journald will automatically
3151 augment this with additional OBJECT_UID=, OBJECT_GID=,
3152 OBJECT_COMM=, OBJECT_EXE=, ... fields. This is useful if
3153 system services want to log events about specific client
3154 processes. journalctl/systemctl have been updated to make use
3155 of this information if all log messages regarding a specific
3156 unit are requested.
3157
3158 Contributions from: Auke Kok, Chengwei Yang, Colin Walters,
3159 Cristian Rodríguez, Daniel Albers, Daniel Wallace, Dave
3160 Reisner, David Coppa, David King, David Strauss, Eelco
3161 Dolstra, Gabriel de Perthuis, Harald Hoyer, Jan Alexander
3162 Steffens, Jan Engelhardt, Jan Janssen, Jason St. John, Johan
3163 Heikkilä, Karel Zak, Karol Lewandowski, Kay Sievers, Lennart
3164 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
3165 Martin Pitt, Michael Biebl, Michael Olbrich, Michael Tremer,
3166 Michal Schmidt, Michał Bartoszkiewicz, Nirbheek Chauhan,
3167 Pierre Neidhardt, Ross Burton, Ross Lagerwall, Sean McGovern,
3168 Thomas Hindoe Paaboel Andersen, Tom Gundersen, Umut Tezduyar,
3169 Václav Pavlín, Zachary Cook, Zbigniew Jędrzejewski-Szmek,
3170 Łukasz Stelmach, 장동준
3171
606c24e3
LP
3172CHANGES WITH 204:
3173
3174 * The Python bindings gained some minimal support for the APIs
3175 exposed by libsystemd-logind.
3176
3177 * ConditionSecurity= gained support for detecting SMACK. Since
3178 this condition already supports SELinux and AppArmor we only
3179 miss IMA for this. Patches welcome!
3180
3181 Contributions from: Karol Lewandowski, Lennart Poettering,
3182 Zbigniew Jędrzejewski-Szmek
3183
2f3fcf85
LP
3184CHANGES WITH 203:
3185
3186 * systemd-nspawn will now create /etc/resolv.conf if
3187 necessary, before bind-mounting the host's file onto it.
3188
3189 * systemd-nspawn will now store meta information about a
3190 container on the container's cgroup as extended attribute
3191 fields, including the root directory.
3192
3193 * The cgroup hierarchy has been reworked in many ways. All
3194 objects that any of systemd's components creates in the cgroup
b82eed9a 3195 tree are now suffixed. More specifically, user sessions are
2f3fcf85
LP
3196 now placed in cgroups suffixed with ".session", users in
3197 cgroups suffixed with ".user", and nspawn containers in
3198 cgroups suffixed with ".nspawn". Furthermore, all cgroup
3199 names are now escaped in a simple scheme to avoid collision
3200 of userspace object names with kernel filenames. This work
3201 is preparation for making these objects relocatable in the
3202 cgroup tree, in order to allow easy resource partitioning of
3203 these objects without causing naming conflicts.
3204
3205 * systemctl list-dependencies gained the new switches
3206 --plain, --reverse, --after and --before.
3207
3208 * systemd-inhibit now shows the process name of processes that
3209 have taken an inhibitor lock.
3210
3211 * nss-myhostname will now also resolve "localhost"
3212 implicitly. This makes /etc/hosts an optional file and
3213 nicely handles that on IPv6 ::1 maps to both "localhost" and
3214 the local hostname.
3215
3216 * libsystemd-logind.so gained a new call
3217 sd_get_machine_names() to enumerate running containers and
3218 VMs (currently only supported by very new libvirt and
3219 nspawn). sd_login_monitor can now be used to watch
3220 VMs/containers coming and going.
3221
3222 * .include is not allowed recursively anymore, and only in
3223 unit files. Usually it is better to use drop-in snippets in
3224 .d/*.conf anyway, as introduced with systemd 198.
3225
3226 * systemd-analyze gained a new "critical-chain" command that
3227 determines the slowest chain of units run during system
3228 boot-up. It is very useful for tracking down where
3229 optimizing boot time is the most beneficial.
3230
3231 * systemd will no longer allow manipulating service paths in
3232 the name=systemd:/system cgroup tree using ControlGroup= in
3233 units. (But is still fine with it in all other dirs.)
3234
3235 * There's a new systemd-nspawn@.service service file that may
3236 be used to easily run nspawn containers as system
3237 services. With the container's root directory in
3238 /var/lib/container/foobar it is now sufficient to run
3239 "systemctl start systemd-nspawn@foobar.service" to boot it.
3240
3241 * systemd-cgls gained a new parameter "--machine" to list only
3242 the processes within a certain container.
3243
3244 * ConditionSecurity= now can check for "apparmor". We still
3245 are lacking checks for SMACK and IMA for this condition
3246 check though. Patches welcome!
3247
3248 * A new configuration file /etc/systemd/sleep.conf has been
3249 added that may be used to configure which kernel operation
3250 systemd is supposed to execute when "suspend", "hibernate"
3251 or "hybrid-sleep" is requested. This makes the new kernel
3252 "freeze" state accessible to the user.
3253
3254 * ENV{SYSTEMD_WANTS} in udev rules will now implicitly escape
3255 the passed argument if applicable.
3256
3257 Contributions from: Auke Kok, Colin Guthrie, Colin Walters,
3258 Cristian Rodríguez, Daniel Buch, Daniel Wallace, Dave Reisner,
3259 Evangelos Foutras, Greg Kroah-Hartman, Harald Hoyer, Josh
3260 Triplett, Kay Sievers, Lennart Poettering, Lukas Nykryn,
3261 MUNEDA Takahiro, Mantas Mikulėnas, Mirco Tischler, Nathaniel
3262 Chen, Nirbheek Chauhan, Ronny Chevalier, Ross Lagerwall, Tom
3263 Gundersen, Umut Tezduyar, Ville Skyttä, Zbigniew
3264 Jędrzejewski-Szmek
3265
ef3b5246
LP
3266CHANGES WITH 202:
3267
3268 * The output of 'systemctl list-jobs' got some polishing. The
3269 '--type=' argument may now be passed more than once. A new
3270 command 'systemctl list-sockets' has been added which shows
3271 a list of kernel sockets systemd is listening on with the
3272 socket units they belong to, plus the units these socket
3273 units activate.
3274
3275 * The experimental libsystemd-bus library got substantial
3276 updates to work in conjunction with the (also experimental)
3277 kdbus kernel project. It works well enough to exchange
3278 messages with some sophistication. Note that kdbus is not
3279 ready yet, and the library is mostly an elaborate test case
3280 for now, and not installable.
3281
3282 * systemd gained a new unit 'systemd-static-nodes.service'
3283 that generates static device nodes earlier during boot, and
3284 can run in conjunction with udev.
3285
3286 * libsystemd-login gained a new call sd_pid_get_user_unit()
3287 to retrieve the user systemd unit a process is running
3288 in. This is useful for systems where systemd is used as
3289 session manager.
3290
3291 * systemd-nspawn now places all containers in the new /machine
3292 top-level cgroup directory in the name=systemd
3293 hierarchy. libvirt will soon do the same, so that we get a
3294 uniform separation of /system, /user and /machine for system
3295 services, user processes and containers/virtual
3296 machines. This new cgroup hierarchy is also useful to stick
3297 stable names to specific container instances, which can be
7c04ad2d 3298 recognized later this way (this name may be controlled
ef3b5246
LP
3299 via systemd-nspawn's new -M switch). libsystemd-login also
3300 gained a new call sd_pid_get_machine_name() to retrieve the
3301 name of the container/VM a specific process belongs to.
3302
3303 * bootchart can now store its data in the journal.
3304
3305 * libsystemd-journal gained a new call
3306 sd_journal_add_conjunction() for AND expressions to the
3307 matching logic. This can be used to express more complex
3308 logical expressions.
3309
3310 * journalctl can now take multiple --unit= and --user-unit=
3311 switches.
3312
3313 * The cryptsetup logic now understands the "luks.key=" kernel
3314 command line switch for specifying a file to read the
7c04ad2d 3315 decryption key from. Also, if a configured key file is not
ef3b5246
LP
3316 found the tool will now automatically fall back to prompting
3317 the user.
3318
cbeabcfb
ZJS
3319 * Python systemd.journal module was updated to wrap recently
3320 added functions from libsystemd-journal. The interface was
3321 changed to bring the low level interface in s.j._Reader
3322 closer to the C API, and the high level interface in
3323 s.j.Reader was updated to wrap and convert all data about
3324 an entry.
3325
ef3b5246
LP
3326 Contributions from: Anatol Pomozov, Auke Kok, Harald Hoyer,
3327 Henrik Grindal Bakken, Josh Triplett, Kay Sievers, Lennart
3328 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marius Vollmer,
3329 Martin Jansa, Martin Pitt, Michael Biebl, Michal Schmidt,
3330 Mirco Tischler, Pali Rohar, Simon Peeters, Steven Hiscocks,
3331 Tom Gundersen, Zbigniew Jędrzejewski-Szmek
3332
d3a86981
LP
3333CHANGES WITH 201:
3334
3335 * journalctl --update-catalog now understands a new --root=
3336 option to operate on catalogs found in a different root
3337 directory.
3338
3339 * During shutdown after systemd has terminated all running
3340 services a final killing loop kills all remaining left-over
3341 processes. We will now print the name of these processes
3342 when we send SIGKILL to them, since this usually indicates a
3343 problem.
3344
3345 * If /etc/crypttab refers to password files stored on
3346 configured mount points automatic dependencies will now be
3347 generated to ensure the specific mount is established first
3348 before the key file is attempted to be read.
3349
3350 * 'systemctl status' will now show information about the
3351 network sockets a socket unit is listening on.
3352
3353 * 'systemctl status' will also show information about any
3354 drop-in configuration file for units. (Drop-In configuration
3355 files in this context are files such as
3356 /etc/systemd/system/foobar.service.d/*.conf)
3357
3358 * systemd-cgtop now optionally shows summed up CPU times of
3359 cgroups. Press '%' while running cgtop to switch between
3360 percentage and absolute mode. This is useful to determine
3361 which cgroups use up the most CPU time over the entire
3362 runtime of the system. systemd-cgtop has also been updated
3363 to be 'pipeable' for processing with further shell tools.
3364
3365 * 'hostnamectl set-hostname' will now allow setting of FQDN
3366 hostnames.
3367
3368 * The formatting and parsing of time span values has been
3369 changed. The parser now understands fractional expressions
3370 such as "5.5h". The formatter will now output fractional
3371 expressions for all time spans under 1min, i.e. "5.123456s"
3372 rather than "5s 123ms 456us". For time spans under 1s
3373 millisecond values are shown, for those under 1ms
3374 microsecond values are shown. This should greatly improve
3375 all time-related output of systemd.
3376
3377 * libsystemd-login and libsystemd-journal gained new
3378 functions for querying the poll() events mask and poll()
3379 timeout value for integration into arbitrary event
3380 loops.
3381
3382 * localectl gained the ability to list available X11 keymaps
3383 (models, layouts, variants, options).
3384
3385 * 'systemd-analyze dot' gained the ability to filter for
3386 specific units via shell-style globs, to create smaller,
d28315e4 3387 more useful graphs. I.e. it is now possible to create simple
d3a86981
LP
3388 graphs of all the dependencies between only target units, or
3389 of all units that Avahi has dependencies with.
3390
3391 Contributions from: Cristian Rodríguez, Dr. Tilmann Bubeck,
3392 Harald Hoyer, Holger Hans Peter Freyther, Kay Sievers, Kelly
3393 Anderson, Koen Kooi, Lennart Poettering, Maksim Melnikau,
3394 Marc-Antoine Perennou, Marius Vollmer, Martin Pitt, Michal
3395 Schmidt, Oleksii Shevchuk, Ronny Chevalier, Simon McVittie,
3396 Steven Hiscocks, Thomas Weißschuh, Umut Tezduyar, Václav
3397 Pavlín, Zbigniew Jędrzejewski-Szmek, Łukasz Stelmach
3398
9ca3c17f
LP
3399CHANGES WITH 200:
3400
3401 * The boot-time readahead implementation for rotating media
3402 will now read the read-ahead data in multiple passes which
3403 consist of all read requests made in equidistant time
3404 intervals. This means instead of strictly reading read-ahead
3405 data in its physical order on disk we now try to find a
3406 middle ground between physical and access time order.
3407
3408 * /etc/os-release files gained a new BUILD_ID= field for usage
3409 on operating systems that provide continuous builds of OS
3410 images.
3411
3412 Contributions from: Auke Kok, Eelco Dolstra, Kay Sievers,
3413 Lennart Poettering, Lukas Nykryn, Martin Pitt, Václav Pavlín,
3414 William Douglas, Zbigniew Jędrzejewski-Szmek
3415
35911459
LP
3416CHANGES WITH 199:
3417
3418 * systemd-python gained an API exposing libsystemd-daemon.
3419
3420 * The SMACK setup logic gained support for uploading CIPSO
3421 security policy.
3422
3423 * Behaviour of PrivateTmp=, ReadWriteDirectories=,
3424 ReadOnlyDirectories= and InaccessibleDirectories= has
3425 changed. The private /tmp and /var/tmp directories are now
3426 shared by all processes of a service (which means
3427 ExecStartPre= may now leave data in /tmp that ExecStart= of
3428 the same service can still access). When a service is
3429 stopped its temporary directories are immediately deleted
a87197f5 3430 (normal clean-up with tmpfiles is still done in addition to
35911459
LP
3431 this though).
3432
3433 * By default, systemd will now set a couple of sysctl
3434 variables in the kernel: the safe sysrq options are turned
3435 on, IP route verification is turned on, and source routing
3436 disabled. The recently added hardlink and softlink
3437 protection of the kernel is turned on. These settings should
3438 be reasonably safe, and good defaults for all new systems.
3439
3440 * The predictable network naming logic may now be turned off
a87197f5 3441 with a new kernel command line switch: net.ifnames=0.
35911459
LP
3442
3443 * A new libsystemd-bus module has been added that implements a
3444 pretty complete D-Bus client library. For details see:
3445
3446 http://lists.freedesktop.org/archives/systemd-devel/2013-March/009797.html
3447
c20d8298 3448 * journald will now explicitly flush the journal files to disk
a87197f5
ZJS
3449 at the latest 5min after each write. The file will then also
3450 be marked offline until the next write. This should increase
3451 reliability in case of a crash. The synchronization delay
3452 can be configured via SyncIntervalSec= in journald.conf.
35911459
LP
3453
3454 * There's a new remote-fs-setup.target unit that can be used
3455 to pull in specific services when at least one remote file
3456 system is to be mounted.
3457
3458 * There are new targets timers.target and paths.target as
3459 canonical targets to pull user timer and path units in
3460 from. This complements sockets.target with a similar
3461 purpose for socket units.
3462
6a7d3d68
LP
3463 * libudev gained a new call udev_device_set_attribute_value()
3464 to set sysfs attributes of a device.
3465
a87197f5
ZJS
3466 * The udev daemon now sets the default number of worker
3467 processes executed in parallel based on the number of available
c20d8298 3468 CPUs instead of the amount of available RAM. This is supposed
ab06eef8 3469 to provide a more reliable default and limit a too aggressive
c20d8298
KS
3470 parallelism for setups with 1000s of devices connected.
3471
35911459
LP
3472 Contributions from: Auke Kok, Colin Walters, Cristian
3473 Rodríguez, Daniel Buch, Dave Reisner, Frederic Crozat, Hannes
3474 Reinecke, Harald Hoyer, Jan Alexander Steffens, Jan
3475 Engelhardt, Josh Triplett, Kay Sievers, Lennart Poettering,
3476 Mantas Mikulėnas, Martin Pitt, Mathieu Bridon, Michael Biebl,
3477 Michal Schmidt, Michal Sekletar, Miklos Vajna, Nathaniel Chen,
3478 Oleksii Shevchuk, Ozan Çağlayan, Thomas Hindoe Paaboel
3479 Andersen, Tollef Fog Heen, Tom Gundersen, Umut Tezduyar,
3480 Zbigniew Jędrzejewski-Szmek
3481
85d68397
LP
3482CHANGES WITH 198:
3483
3484 * Configuration of unit files may now be extended via drop-in
3485 files without having to edit/override the unit files
3486 themselves. More specifically, if the administrator wants to
3487 change one value for a service file foobar.service he can
3488 now do so by dropping in a configuration snippet into
ad88e758 3489 /etc/systemd/system/foobar.service.d/*.conf. The unit logic
85d68397
LP
3490 will load all these snippets and apply them on top of the
3491 main unit configuration file, possibly extending or
3492 overriding its settings. Using these drop-in snippets is
40e21da8
KS
3493 generally nicer than the two earlier options for changing
3494 unit files locally: copying the files from
85d68397
LP
3495 /usr/lib/systemd/system/ to /etc/systemd/system/ and editing
3496 them there; or creating a new file in /etc/systemd/system/
3497 that incorporates the original one via ".include". Drop-in
3498 snippets into these .d/ directories can be placed in any
fd868975 3499 directory systemd looks for units in, and the usual
85d68397
LP
3500 overriding semantics between /usr/lib, /etc and /run apply
3501 for them too.
3502
3503 * Most unit file settings which take lists of items can now be
6aa8d43a 3504 reset by assigning the empty string to them. For example,
85d68397
LP
3505 normally, settings such as Environment=FOO=BAR append a new
3506 environment variable assignment to the environment block,
3507 each time they are used. By assigning Environment= the empty
3508 string the environment block can be reset to empty. This is
3509 particularly useful with the .d/*.conf drop-in snippets
156f7d09
KS
3510 mentioned above, since this adds the ability to reset list
3511 settings from vendor unit files via these drop-ins.
85d68397
LP
3512
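An added example, not part of the NEWS file or systemd's own code: a simplified Python model of the drop-in loading and list-reset behaviour described in the two entries above, useful for auditing which file an effective setting came from. The file contents are constructed samples, LIST_SETTINGS is an illustrative subset, and applying drop-ins in lexicographic file-name order is an assumption taken from systemd.unit(5) rather than from this page.

```python
import posixpath
from collections import OrderedDict

# Unit directories from lowest to highest priority (/usr/lib < /run < /etc).
UNIT_DIRS = ["/usr/lib/systemd/system", "/run/systemd/system", "/etc/systemd/system"]

# Assumption: a small illustrative subset of the settings that take lists.
LIST_SETTINGS = {"Environment", "EnvironmentFile", "ExecStartPre", "ExecStartPost"}

# Constructed sample tree: path -> file content.
SAMPLE_FILES = {
    "/usr/lib/systemd/system/foobar.service":
        "[Service]\nExecStart=/usr/bin/foobard\n"
        "Environment=FOO=BAR\nEnvironment=DEBUG=1\nPrivateTmp=yes\n",
    "/usr/lib/systemd/system/foobar.service.d/10-vendor.conf":
        "[Service]\nEnvironment=VENDOR=1\n",
    # Same file name as the vendor drop-in: the /etc copy replaces it.
    "/etc/systemd/system/foobar.service.d/10-vendor.conf":
        "[Service]\nEnvironment=\nEnvironment=FOO=LOCAL\n",
    "/run/systemd/system/foobar.service.d/50-runtime.conf":
        "[Service]\nPrivateTmp=no\n",
}


def parse_unit(text):
    """Yield (section, key, value) in file order; comments and blanks are skipped."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and section:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()


def load_order(files, unit):
    """Return the paths to read, in the order they are applied."""
    main = None
    dropins = {}  # file name -> path; higher-priority directories replace lower ones
    for directory in UNIT_DIRS:
        candidate = posixpath.join(directory, unit)
        if candidate in files:
            main = candidate
        prefix = posixpath.join(directory, unit + ".d") + "/"
        for path in files:
            rest = path[len(prefix):]
            if path.startswith(prefix) and rest.endswith(".conf") and "/" not in rest:
                dropins[rest] = path
    return ([main] if main else []) + [dropins[name] for name in sorted(dropins)]


def effective_settings(files, unit):
    """Merge main unit and drop-ins: {(section, key): (value, [source paths])}."""
    result = OrderedDict()
    for path in load_order(files, unit):
        for section, key, value in parse_unit(files[path]):
            slot = (section, key)
            if key in LIST_SETTINGS:
                if value == "":
                    # Empty assignment resets the list collected so far.
                    result[slot] = ([], [path])
                else:
                    items, sources = result.get(slot, ([], []))
                    result[slot] = (items + [value], sources + [path])
            else:
                # Non-list settings: the last assignment wins.
                result[slot] = (value, [path])
    return result


def changed_by_dropins(files, unit):
    """List 'Section.Key' names whose effective value was touched by a drop-in."""
    touched = []
    for (section, key), (_, sources) in effective_settings(files, unit).items():
        if any(posixpath.dirname(src).endswith(".d") for src in sources):
            touched.append(section + "." + key)
    return sorted(touched)


if __name__ == "__main__":
    for slot, (value, sources) in effective_settings(SAMPLE_FILES, "foobar.service").items():
        print(slot, value, sources)
    print(changed_by_dropins(SAMPLE_FILES, "foobar.service"))
```

The model leaves out quoting, continuation lines, ".include" and masking, so treat its output as a review aid for drop-in precedence, not as a replacement for inspecting the loaded unit on a live system.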
3513 * systemctl gained a new "list-dependencies" command for
3514 listing the dependencies of a unit recursively.
3515
40e21da8 3516 * Inhibitors are now honored and listed by "systemctl
85d68397
LP
3517 suspend", "systemctl poweroff" (and similar) too, not only
3518 GNOME. These commands will also list active sessions by
3519 other users.
3520
3521 * Resource limits (as exposed by the various control group
3522 controllers) can now be controlled dynamically at runtime
3523 for all units. More specifically, you can now use a command
3524 like "systemctl set-cgroup-attr foobar.service cpu.shares
3525 2000" to alter the CPU shares a specific service gets. These
6aa8d43a 3526 settings are stored persistently on disk, and thus allow the
85d68397
LP
3527 administrator to easily adjust the resource usage of
3528 services with a few simple commands. This dynamic resource
6aa8d43a 3529 management logic is also available to other programs via the
85d68397
LP
3530 bus. Almost any kernel cgroup attribute and controller is
3531 supported.
3532
3533 * systemd-vconsole-setup will now copy all font settings to
6aa8d43a
LP
3534 all allocated VTs, where it previously applied them only to
3535 the foreground VT.
85d68397
LP
3536
3537 * libsystemd-login gained the new sd_session_get_tty() API
3538 call.
3539
6aa8d43a
LP
3540 * This release drops support for a few legacy or
3541 distribution-specific LSB facility names when parsing init
3542 scripts: $x-display-manager, $mail-transfer-agent,
85d68397
LP
3543 $mail-transport-agent, $mail-transfer-agent, $smtp,
3544 $null. Also, the mail-transfer-agent.target unit backing
3545 this has been removed. Distributions which want to retain
6aa8d43a
LP
3546 compatibility with this should carry the burden for
3547 supporting this themselves and patch support for these back
3548 in, if they really need to. Also, the facilities $syslog and
3549 $local_fs are now ignored, since systemd does not support
3550 early-boot LSB init scripts anymore, and these facilities
3551 are implied anyway for normal services. syslog.target has
3552 also been removed.
85d68397 3553
40e21da8 3554 * There are new bus calls on PID1's Manager object for
6aa8d43a 3555 cancelling jobs, and removing snapshot units. Previously,
85d68397
LP
3556 both calls were only available on the Job and Snapshot
3557 objects themselves.
3558
3559 * systemd-journal-gatewayd gained SSL support.
3560
3561 * The various "environment" files, such as /etc/locale.conf
3562 now support continuation lines with a backslash ("\") as
499b604b 3563 last character in the line, similarly in style (but different)
85d68397
LP
3564 to how this is supported in shells.
3565
3566 * For normal user processes the _SYSTEMD_USER_UNIT= field is
3567 now implicitly appended to every log entry logged. systemctl
3568 has been updated to filter by this field when operating on a
3569 user systemd instance.
3570
3571 * nspawn will now implicitly add the CAP_AUDIT_WRITE and
3572 CAP_AUDIT_CONTROL capabilities to the capabilities set for
3573 the container. This makes it easier to boot unmodified
3574 Fedora systems in a container, which however still requires
3575 audit=0 to be passed on the kernel command line. Auditing in
3576 kernel and userspace is unfortunately still too broken in
3577 context of containers, hence we recommend compiling it out
3578 of the kernel or using audit=0. Hopefully this will be fixed
3579 one day for good in the kernel.
3580
3581 * nspawn gained the new --bind= and --bind-ro= parameters to
3582 bind mount specific directories from the host into the
3583 container.
3584
40e21da8 3585 * nspawn will now mount its own devpts file system instance
6aa8d43a 3586 into the container, in order not to leak pty devices from
85d68397
LP
3587 the host into the container.
3588
3589 * systemd will now read the firmware boot time performance
6aa8d43a
LP
3590 information from the EFI variables, if the used boot loader
3591 supports this, and takes it into account for boot performance
3592 analysis via "systemd-analyze". This is currently supported
3593 only in conjunction with Gummiboot, but could be supported
3594 by other boot loaders too. For details see:
85d68397
LP
3595
3596 http://www.freedesktop.org/wiki/Software/systemd/BootLoaderInterface
3597
3598 * A new generator has been added that automatically mounts the
3599 EFI System Partition (ESP) to /boot, if that directory
6aa8d43a
LP
3600 exists, is empty, and no other file system has been
3601 configured to be mounted there.
85d68397
LP
3602
3603 * logind will now send out PrepareForSleep(false)
3604 unconditionally, after coming back from suspend. This may be
3605 used by applications as asynchronous notification for
3606 system resume events.
3607
3608 * "systemctl unlock-sessions" has been added, that allows
3609 unlocking the screens of all user sessions at once, similar
499b604b 3610 to how "systemctl lock-sessions" already locked all users'
40e21da8 3611 sessions. This is backed by a new D-Bus call UnlockSessions().
85d68397
LP
3612
3613 * "loginctl seat-status" will now show the master device of a
3614 seat. (i.e. the device of a seat that needs to be around for
3615 the seat to be considered available, usually the graphics
3616 card).
3617
3618 * tmpfiles gained a new "X" line type, that allows
3619 configuration of files and directories (with wildcards) that
3620 shall be excluded from automatic cleanup ("aging").
3621
bf933560
KS
3622 * udev default rules set the device node permissions now only
3623 at "add" events, and do not change them any longer with a
3624 later "change" event.
85d68397
LP
3625
3626 * The log messages for lid events and power/sleep keypresses
3627 now carry a message ID.
3628
3629 * We now have a substantially larger unit test suite, but this
3630 continues to be work in progress.
3631
3632 * udevadm hwdb gained a new --root= parameter to change the
3633 root directory to operate relative to.
3634
40e21da8
KS
3635 * logind will now issue a background sync() request to the kernel
3636 early at shutdown, so that dirty buffers are flushed to disk early
85d68397
LP
3637 instead of at the last moment, in order to optimize shutdown
3638 times a little.
3639
3640 * A new bootctl tool has been added that is an interface for
3641 certain boot loader operations. This is currently a preview
3642 and is likely to be extended into a small mechanism daemon
3643 like timedated, localed, hostnamed, and can be used by
3644 graphical UIs to enumerate available boot options, and
3645 request boot into firmware operations.
3646
3647 * systemd-bootchart has been relicensed to LGPLv2.1+ to match
3648 the rest of the package. It also has been updated to work
3649 correctly in initrds.
3650
3651 * Policykit previously has been runtime optional, and is now
3652 also compile time optional via a configure switch.
3653
3654 * systemd-analyze has been reimplemented in C. Also "systemctl
3655 dot" has moved into systemd-analyze.
3656
3657 * "systemctl status" with no further parameters will now print
3658 the status of all active or failed units.
3659
3660 * Operations such as "systemctl start" can now be executed
3661 with a new mode "--irreversible" which may be used to queue
3662 operations that cannot accidentally be reversed by a later
6aa8d43a 3663 job queuing. This is by default used to make shutdown
85d68397
LP
3664 requests more robust.
3665
3666 * The Python API of systemd now gained a new module for
3667 reading journal files.
3668
3669 * A new tool kernel-install has been added that can install
3670 kernel images according to the Boot Loader Specification:
3671
3672 http://www.freedesktop.org/wiki/Specifications/BootLoaderSpec
3673
3674 * Boot time console output has been improved to provide
6aa8d43a 3675 animated boot time output for hanging jobs.
85d68397
LP
3676
3677 * A new tool systemd-activate has been added which can be used
3678 to test socket activation with, directly from the command
3679 line. This should make it much easier to test and debug
3680 socket activation in daemons.
3681
3682 * journalctl gained a new "--reverse" (or -r) option to show
3683 journal output in reverse order (i.e. newest line first).
3684
43447fb7
LP
3685 * journalctl gained a new "--pager-end" (or -e) option to
3686 immediately jump to the end of the journal in the
3687 pager. This is only supported in conjunction with "less".
3688
85d68397 3689 * journalctl gained a new "--user-unit=" option, that works
499b604b 3690 similarly to "--unit=" but filters for user units rather than
85d68397
LP
3691 system units.
3692
3693 * A number of unit files to ease adoption of systemd in
3694 initrds have been added. This moves some minimal logic from
3695 the various initrd implementations into systemd proper.
3696
3697 * The journal files are now owned by a new group
3698 "systemd-journal", which exists specifically to allow access
3699 to the journal, and nothing else. Previously, we used the
6aa8d43a 3700 "adm" group for that, which however possibly covers more
85d68397
LP
3701 than just journal/log file access. This new group is now
3702 already used by systemd-journal-gatewayd to ensure this
3703 daemon gets access to the journal files and as little else
3704 as possible. Note that "make install" will also set FS ACLs
3705 up for /var/log/journal to give "adm" and "wheel" read
3706 access to it, in addition to "systemd-journal" which owns
3707 the journal files. We recommend that packaging scripts also
6aa8d43a 3708 add read access to "adm" + "wheel" to /var/log/journal, and
85d68397
LP
3709 all existing/future journal files. To normal users and
3710 administrators little changes, however packagers need to
3711 ensure to create the "systemd-journal" system group at
3712 package installation time.
3713
3714 * The systemd-journal-gatewayd now runs as unprivileged user
3715 systemd-journal-gateway:systemd-journal-gateway. Packaging
3716 scripts need to create these system user/group at
3717 installation time.
3718
3719 * timedated now exposes a new boolean property CanNTP that
3720 indicates whether a local NTP service is available or not.
3721
3722 * systemd-detect-virt will now also detect Xen PVs.
3723
40e21da8
KS
3724 * The pstore file system is now mounted by default, if it is
3725 available.
85d68397 3726
1aed4590
LP
3727 * In addition to the SELinux and IMA policies we will now also
3728 load SMACK policies at early boot.
3729
85d68397
LP
3730 Contributions from: Adel Gadllah, Aleksander Morgado, Auke
3731 Kok, Ayan George, Bastien Nocera, Colin Walters, Daniel Buch,
3732 Daniel Wallace, Dave Reisner, David Herrmann, David Strauss,
3733 Eelco Dolstra, Enrico Scholz, Frederic Crozat, Harald Hoyer,
3734 Jan Janssen, Jonathan Callen, Kay Sievers, Lennart Poettering,
3735 Lukas Nykryn, Mantas Mikulėnas, Marc-Antoine Perennou, Martin
3736 Pitt, Mauro Dreissig, Max F. Albrecht, Michael Biebl, Michael
3737 Olbrich, Michal Schmidt, Michal Sekletar, Michal Vyskocil,
3738 Michał Bartoszkiewicz, Mirco Tischler, Nathaniel Chen, Nestor
3739 Ovroy, Oleksii Shevchuk, Paul W. Frields, Piotr Drąg, Rob
3740 Clark, Ryan Lortie, Simon McVittie, Simon Peeters, Steven
3741 Hiscocks, Thomas Hindoe Paaboel Andersen, Tollef Fog Heen, Tom
3742 Gundersen, Umut Tezduyar, William Giokas, Zbigniew
3743 Jędrzejewski-Szmek, Zeeshan Ali (Khattak)
3744
8ad26859
LP
3745CHANGES WITH 197:
3746
3747 * Timer units now support calendar time events in addition to
3748 monotonic time events. That means you can now trigger a unit
3749 based on a calendar time specification such as "Thu,Fri
3750 2013-*-1,5 11:12:13" which refers to 11:12:13 of the first
3751 or fifth day of any month of the year 2013, given that it is
3752 a Thursday or Friday. This brings timer event support
3753 considerably closer to cron's capabilities. For details on
3754 the supported calendar time specification language see
3755 systemd.time(7).
3756
3757 * udev now supports a number of different naming policies for
3758 network interfaces for predictable names, and a combination
3759 of these policies is now the default. Please see this wiki
3760 document for details:
3761
3762 http://www.freedesktop.org/wiki/Software/systemd/PredictableNetworkInterfaceNames
3763
3764 * Auke Kok's bootchart implementation has been added to the
d28315e4
JE
3765 systemd tree. It is an optional component that can graph the
3766 boot in quite some detail. It is one of the best bootchart
8ad26859
LP
3767 implementations around and minimal in its code and
3768 dependencies.
3769
3770 * nss-myhostname has been integrated into the systemd source
3771 tree. nss-myhostname guarantees that the local hostname
3772 always stays resolvable via NSS. It has been a weak
3773 requirement of systemd-hostnamed for a long time, and
3774 since its code is actually trivial we decided to just
3775 include it in systemd's source tree. It can be turned off
3776 with a configure switch.
3777
3778 * The read-ahead logic is now capable of properly detecting
3779 whether a btrfs file system is on SSD or rotating media, in
3780 order to optimize the read-ahead scheme. Previously, it was
3781 only capable of detecting this on traditional file systems
3782 such as ext4.
3783
3784 * In udev, additional device properties are now read from the
3785 IAB in addition to the OUI database. Also, Bluetooth company
3786 identities are attached to the devices as well.
3787
3788 * In service files %U may be used as specifier that is
3789 replaced by the configured user name of the service.
3790
3791 * nspawn may now be invoked without a controlling TTY. This
3792 makes it suitable for invocation as its own service. This
3793 may be used to set up a simple containerized server system
3794 using only core OS tools.
3795
3796 * systemd and nspawn can now accept socket file descriptors
3797 when they are started for socket activation. This enables
3798 implementation of socket activated nspawn
3799 containers, i.e. think about autospawning an entire OS image
3800 when the first SSH or HTTP connection is received. We expect
3801 that similar functionality will also be added to libvirt-lxc
3802 eventually.
3803
3804 * journalctl will now suppress ANSI color codes when
3805 presenting log data.
3806
3807 * systemctl will no longer show control group information for
3808 a unit if the control group is empty anyway.
3809
3810 * logind can now automatically suspend/hibernate/shutdown the
3811 system on idle.
3812
3813 * /etc/machine-info and hostnamed now also expose the chassis
3814 type of the system. This can be used to determine whether
3815 the local system is a laptop, desktop, handset or
3816 tablet. This information may either be configured by the
3817 user/vendor or is automatically determined from ACPI and DMI
3818 information if possible.
3819
3820 * A number of PolicyKit actions are now bound together with
3821 "imply" rules. This should simplify creating UIs because
3822 many actions will now authenticate similar ones as well.
3823
3824 * Unit files learnt a new condition ConditionACPower= which
3825 may be used to conditionalize a unit depending on whether an
3826 AC power source is connected or not, or whether the system
3827 is running on battery power.
3828
3829 * systemctl gained a new "is-failed" verb that may be used in
3830 shell scripts and suchlike to check whether a specific unit
3831 is in the "failed" state.
3832
3833 * The EnvironmentFile= setting in unit files now supports file
3834 globbing, and can hence be used to easily read a number of
3835 environment files at once.
3836
3837 * systemd will no longer detect and recognize specific
3838 distributions. All distribution-specific #ifdeffery has been
3839 removed, systemd is now fully generic and
3840 distribution-agnostic. Effectively, not too much is lost as
3841 a lot of the code is still accessible via explicit configure
3842 switches. However, support for some distribution specific
3843 legacy configuration file formats has been dropped. We
3844 recommend distributions to simply adopt the configuration
3845 files everybody else uses now and convert the old
3846 configuration from packaging scripts. Most distributions
3847 already did that. If that's not possible or desirable,
3848 distributions are welcome to forward port the specific
3849 pieces of code locally from the git history.
3850
3851 * When logging a message about a unit systemd will now always
3852 log the unit name in the message meta data.
3853
3854 * localectl will now also discover system locale data that is
3855 not stored in locale archives, but directly unpacked.
3856
3857 * logind will no longer unconditionally use framebuffer
3858 devices as seat masters, i.e. as devices that are required
3859 to be existing before a seat is considered present. Instead,
3860 it will now look for all devices that are tagged as
3861 "seat-master" in udev. By default framebuffer devices will
3862 be marked as such, but depending on local systems other
3863 devices might be marked as well. This may be used to
3864 integrate graphics cards using closed source drivers (such
3865 as NVidia ones) more nicely into logind. Note however, that
3866 we recommend using the open source NVidia drivers instead,
3867 and no udev rules for the closed-source drivers will be
3868 shipped from us upstream.
3869
3870 Contributions from: Adam Williamson, Alessandro Crismani, Auke
3871 Kok, Colin Walters, Daniel Wallace, Dave Reisner, David
3872 Herrmann, David Strauss, Dimitrios Apostolou, Eelco Dolstra,
3873 Eric Benoit, Giovanni Campagna, Hannes Reinecke, Henrik
3874 Grindal Bakken, Hermann Gausterer, Kay Sievers, Lennart
3875 Poettering, Lukas Nykryn, Mantas Mikulėnas, Marcel Holtmann,
3876 Martin Pitt, Matthew Monaco, Michael Biebl, Michael Terry,
3877 Michal Schmidt, Michal Sekletar, Michał Bartoszkiewicz, Oleg
3878 Samarin, Pekka Lundstrom, Philip Nilsson, Ramkumar
3879 Ramachandra, Richard Yao, Robert Millan, Sami Kerola, Shawn
3880 Landden, Thomas Hindoe Paaboel Andersen, Thomas Jarosch,
3881 Tollef Fog Heen, Tom Gundersen, Umut Tezduyar, Zbigniew
3882 Jędrzejewski-Szmek
3883
3884CHANGES WITH 196:
3885
3886 * udev gained support for loading additional device properties
3887 from an indexed database that is keyed by vendor/product IDs
3888 and similar device identifiers. For the beginning this
3889 "hwdb" is populated with data from the well-known PCI and
3890 USB database, but also includes PNP, ACPI and OID data. In
3891 the longer run this indexed database shall grow into
3892 becoming the one central database for non-essential
3893 userspace device metadata. Previously, data from the PCI/USB
3894 database was only attached to select devices, since the
3895 lookup was a relatively expensive operation due to O(n) time
3896 complexity (with n being the number of entries in the
3897 database). Since this is now O(1), we decided to add in this
3898 data for all devices where this is available, by
3899 default. Note that the indexed database needs to be rebuilt
3900 when new data files are installed. To achieve this you need
3901 to update your packaging scripts to invoke "udevadm hwdb
3902 --update" after installation of hwdb data files. For
3903 RPM-based distributions we introduced the new
3904 %udev_hwdb_update macro for this purpose.
3905
3906 * The Journal gained support for the "Message Catalog", an
3907 indexed database to link up additional information with
3908 journal entries. For further details please check:
3909
3910 http://www.freedesktop.org/wiki/Software/systemd/catalog
3911
3912 The indexed message catalog database also needs to be
3913 rebuilt after installation of message catalog files. Use
3914 "journalctl --update-catalog" for this. For RPM-based
3915 distributions we introduced the %journal_catalog_update
3916 macro for this purpose.
3917
3918 * The Python Journal bindings gained support for the standard
3919 Python logging framework.
3920
3921 * The Journal API gained new functions for checking whether
3922 the underlying file system of a journal file is capable of
3923 properly reporting file change notifications, or whether
3924 applications that want to reflect journal changes "live"
3925 need to recheck journal files continuously in appropriate
3926 time intervals.
3927
3928 * It is now possible to set the "age" field for tmpfiles
3929 entries to 0, indicating that files matching this entry
3930 shall always be removed when the directories are cleaned up.
3931
3932 * coredumpctl gained a new "gdb" verb which invokes gdb
3933 right-away on the selected coredump.
3934
3935 * There's now support for "hybrid sleep" on kernels that
3936 support this, in addition to "suspend" and "hibernate". Use
3937 "systemctl hybrid-sleep" to make use of this.
3938
3939 * logind's HandleSuspendKey= setting (and related settings)
3940 now gained support for a new "lock" setting to simply
3941 request the screen lock on all local sessions, instead of
3942 actually executing a suspend or hibernation.
3943
3944 * systemd will now mount the EFI variables file system by
3945 default.
3946
3947 * Socket units now gained support for configuration of the
3948 SMACK security label.
3949
3950 * timedatectl will now output the time of the last and next
3951 daylight saving change.
3952
3953 * We dropped support for various legacy and distro-specific
3954 concepts, such as insserv, early-boot SysV services
3955 (i.e. those for non-standard runlevels such as 'b' or 'S')
3956 or ArchLinux /etc/rc.conf support. We recommend the
3957 distributions who still need support for this to either continue
3958 to maintain the necessary patches downstream, or find a
3959 different solution. (Talk to us if you have questions!)
3960
3961 * Various systemd components will now bypass PolicyKit checks
3962 for root and otherwise handle properly if PolicyKit is not
3963 found to be around. This should fix most issues for
3964 PolicyKit-less systems. Quite frankly this should have been
3965 this way since day one. It is absolutely our intention to
3966 make systemd work fine on PolicyKit-less systems, and we
3967 consider it a bug if something does not work as it should if
3968 PolicyKit is not around.
3969
3970 * For embedded systems it is now possible to build udev and
3971 systemd without blkid and/or kmod support.
3972
3973 * "systemctl switch-root" is now capable of switching root
3974 more than once. I.e. in addition to transitions from the
3975 initrd to the host OS it is now possible to transition to
3976 further OS images from the host. This is useful to implement
3977 offline updating tools.
3978
3979 * Various other additions have been made to the RPM macros
3980 shipped with systemd. Use %udev_rules_update() after
3981 installing new udev rules files. %_udevhwdbdir,
3982 %_udevrulesdir, %_journalcatalogdir, %_tmpfilesdir,
3983 %_sysctldir are now available which resolve to the right
3984 directories for packages to place various data files in.
3985
3986 * journalctl gained the new --full switch (in addition to
3987 --all), to disable ellipsation for long messages.
3988
3989 Contributions from: Anders Olofsson, Auke Kok, Ben Boeckel,
3990 Colin Walters, Cosimo Cecchi, Daniel Wallace, Dave Reisner,
3991 Eelco Dolstra, Holger Hans Peter Freyther, Kay Sievers,
3992 Chun-Yi Lee, Lekensteyn, Lennart Poettering, Mantas Mikulėnas,
3993 Marti Raudsepp, Martin Pitt, Mauro Dreissig, Michael Biebl,
3994 Michal Schmidt, Michal Sekletar, Miklos Vajna, Nis Martensen,
3995 Oleksii Shevchuk, Olivier Brunel, Ramkumar Ramachandra, Thomas
3996 Bächler, Thomas Hindoe Paaboel Andersen, Tom Gundersen, Tony
3997 Camuso, Umut Tezduyar, Zbigniew Jędrzejewski-Szmek
3998
3999CHANGES WITH 195:
4000
4001 * journalctl gained new --since= and --until= switches to
4002 filter by time. It also now supports nice filtering for
4003 units via --unit=/-u.
4004
4005 * Type=oneshot services may use ExecReload= and do the
4006 right thing.
4007
4008 * The journal daemon now supports time-based rotation and
4009 vacuuming, in addition to the usual disk-space based
4010 rotation.
4011
4012 * The journal will now index the available field values for
4013 each field name. This enables clients to show pretty drop
4014 downs of available match values when filtering. The bash
4015 completion of journalctl has been updated
4016 accordingly. journalctl gained a new switch -F to list all
4017 values a certain field takes in the journal database.
4018
4019 * More service events are now written as structured messages
4020 to the journal, and made recognizable via message IDs.
4021
4022 * The timedated, localed and hostnamed mini-services which
4023 previously only provided support for changing time, locale
4024 and hostname settings from graphical DEs such as GNOME now
4025 also have a minimal (but very useful) text-based client
4026 utility each. This is probably the nicest way to change
4027 these settings from the command line now, especially since
4028 it lists available options and is fully integrated with bash
4029 completion.
4030
4031 * There's now a new tool "systemd-coredumpctl" to list and
4032 extract coredumps from the journal.
4033
4034 * We now install a README each in /var/log/ and
4035 /etc/rc.d/init.d explaining where the system logs and init
4036 scripts went. This hopefully should help folks who go to
4037 those dirs and look into the otherwise now empty void and
4038 scratch their heads.
4039
4040 * When user-services are invoked (by systemd --user) the
4041 $MANAGERPID env var is set to the PID of systemd.
4042
4043 * SIGRTMIN+24 when sent to a --user instance will now result
4044 in immediate termination of systemd.
4045
4046 * gatewayd received numerous feature additions such as a
4047 "follow" mode, for live syncing and filtering.
4048
4049 * browse.html now allows filtering and showing detailed
4050 information on specific entries. Keyboard navigation and
4051 mouse screen support has been added.
4052
4053 * gatewayd/journalctl now supports HTML5/JSON
4054 Server-Sent-Events as output.
4055
4056 * The SysV init script compatibility logic will now
4057 heuristically determine whether a script supports the
4058 "reload" verb, and only then make this available as
4059 "systemctl reload".
4060
4061 * "systemctl status --follow" has been removed, use "journalctl
4062 -u" instead.
4063
4064 * journald.conf's RuntimeMinSize=, PersistentMinSize= settings
4065 have been removed since they are hardly useful to be
4066 configured.
4067
4068 * And I'd like to take the opportunity to specifically mention
4069 Zbigniew for his great contributions. Zbigniew, you rock!
4070
4071 Contributions from: Andrew Eikum, Christian Hesse, Colin
4072 Guthrie, Daniel J Walsh, Dave Reisner, Eelco Dolstra, Ferenc
4073 Wágner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Mantas
4074 Mikulėnas, Martin Mikkelsen, Martin Pitt, Michael Olbrich,
4075 Michael Stapelberg, Michal Schmidt, Sebastian Ott, Thomas
4076 Bächler, Umut Tezduyar, Will Woods, Wulf C. Krueger, Zbigniew
4077 Jędrzejewski-Szmek, Сковорода Никита Андреевич
4078
4079CHANGES WITH 194:
4080
4081 * If /etc/vconsole.conf is non-existent or empty we will no
4082 longer load any console font or key map at boot by
4083 default. Instead the kernel defaults will be left
4084 intact. This is definitely the right thing to do, as no
4085 configuration should mean no configuration, and hard-coding
4086 font names that are different on all archs is probably a bad
4087 idea. Also, the kernel default key map and font should be
4088 good enough for most cases anyway, and mostly identical to
4089 the userspace fonts/key maps we previously overloaded them
4090 with. If distributions want to continue to default to a
4091 non-kernel font or key map they should ship a default
4092 /etc/vconsole.conf with the appropriate contents.
4093
4094 Contributions from: Colin Walters, Daniel J Walsh, Dave
4095 Reisner, Kay Sievers, Lennart Poettering, Lukas Nykryn, Tollef
4096 Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek
4097
4098CHANGES WITH 193:
4099
4100 * journalctl gained a new --cursor= switch to show entries
4101 starting from the specified location in the journal.
4102
4103 * We now enforce a size limit on journal entry fields exported
4104 with "-o json" in journalctl. Fields larger than 4K will be
4105 assigned null. This can be turned off with --all.
4106
4107 * An (optional) journal gateway daemon is now available as
4108 "systemd-journal-gatewayd.service". This service provides
4109 access to the journal via HTTP and JSON. This functionality
4110 will be used to implement live log synchronization in both
4111 pull and push modes, but has various other users too, such
4112 as easy log access for debugging of embedded devices. Right
4113 now it is already useful to retrieve the journal via HTTP:
4114
4115 # systemctl start systemd-journal-gatewayd.service
4116 # wget http://localhost:19531/entries
4117
4118 This will download the journal contents in a
4119 /var/log/messages compatible format. The same as JSON:
4120
4121 # curl -H"Accept: application/json" http://localhost:19531/entries
4122
4123 This service is also accessible via a web browser where a
4124 single static HTML5 app is served that uses the JSON logic
4125 to enable the user to do some basic browsing of the
4126 journal. This will be extended later on. Here's an example
4127 screenshot of this app in its current state:
4128
4129 http://0pointer.de/public/journal-gatewayd
4130
4131 Contributions from: Kay Sievers, Lennart Poettering, Robert
4132 Milasan, Tom Gundersen
4133
4134CHANGES WITH 192:
4135
4136 * The bash completion logic is now available for journalctl
4137 too.
4138
4139 * We do not mount the "cpuset" controller anymore together with
4140 "cpu" and "cpuacct", as "cpuset" groups generally cannot be
4141 started if no parameters are assigned to it. "cpuset" hence
4142 broke code that assumed it could create "cpu" groups and
4143 just start them.
4144
4145 * journalctl -f will now subscribe to terminal size changes,
4146 and line break accordingly.
4147
4148 Contributions from: Dave Reisner, Kay Sievers, Lennart
4149 Poettering, Lukas Nykryn, Mirco Tischler, Václav Pavlín
4150
4151CHANGES WITH 191:
4152
4153 * nspawn will now create a symlink /etc/localtime in the
4154 container environment, copying the host's timezone
4155 setting. Previously this has been done via a bind mount, but
4156 since symlinks cannot be bind mounted this has now been
4157 changed to create/update the appropriate symlink.
4158
4159 * journalctl -n's line number argument is now optional, and
4160 will default to 10 if omitted.
4161
4162 * journald will now log the maximum size the journal files may
4163 take up on disk. This is particularly useful if the default
4164 built-in logic of determining this parameter from the file
4165 system size is used. Use "systemctl status
4166 systemd-journald.service" to see this information.
4167
4168 * The multi-seat X wrapper tool has been stripped down. As X
4169 is now capable of enumerating graphics devices via udev in a
4170 seat-aware way the wrapper is not strictly necessary
4171 anymore. A stripped down temporary stop-gap is still shipped
4172 until the upstream display managers have been updated to
4173 fully support the new X logic. Expect this wrapper to be
4174 removed entirely in one of the next releases.
4175
4176 * HandleSleepKey= in logind.conf has been split up into
4177 HandleSuspendKey= and HandleHibernateKey=. The old setting
4178 is not available anymore. X11 and the kernel are
4179 distinguishing between these keys and we should too. This
4180 also means the inhibition lock for these keys has been split
4181 into two.
4182
4183 Contributions from: Dave Airlie, Eelco Dolstra, Lennart
4184 Poettering, Lukas Nykryn, Václav Pavlín
4185
4186CHANGES WITH 190:
4187
4188 * Whenever a unit changes state we will now log this to the
4189 journal and show it along with the unit's own log output in
4190 "systemctl status".
4191
4192 * ConditionPathIsMountPoint= can now properly detect bind
4193 mount points too. (Previously, a bind mount of one file
4194 system to another place in the same file system could not be
4195 detected as mount, since they shared struct stat's st_dev
4196 field.)
4197
4198 * We will now mount the cgroup controllers cpu, cpuacct,
4199 cpuset and the controllers net_cls, net_prio together by
4200 default.
4201
4202 * nspawn containers will now have a virtualized boot
4203 ID. (i.e. /proc/sys/kernel/random/boot_id is now mounted
4204 over with a randomized ID at container initialization). This
4205 has the effect of making "journalctl -b" do the right thing
4206 in a container.
4207
4208 * The JSON output journal serialization has been updated not
4209 to generate "endless" list objects anymore, but rather one
4210 JSON object per line. This is more in line with how most JSON
4211 parsers expect JSON objects. The new output mode
4212 "json-pretty" has been added to provide similar output, but
4213 neatly aligned for readability by humans.
4214
4215 * We dropped all explicit sync() invocations in the shutdown
4216 code. The kernel does this implicitly anyway in the kernel
4217 reboot() syscall. halt(8)'s -n option is now a compatibility
4218 no-op.
4219
4220 * We now support virtualized reboot() in containers, as
4221 supported by newer kernels. We will fall back to exit() if
4222 CAP_SYS_REBOOT is not available to the container. Also,
4223 nspawn makes use of this now and will actually reboot the
4224 container if the containerized OS asks for that.
4225
4226 * journalctl will only show local log output by default
4227 now. Use --merge (-m) to show remote log output, too.
4228
4229 * libsystemd-journal gained the new sd_journal_get_usage()
4230 call to determine the current disk usage of all journal
4231 files. This is exposed in the new "journalctl --disk-usage"
4232 command.
4233
4234 * journald gained a new configuration setting SplitMode= in
4235 journald.conf which may be used to control how user journals
4236 are split off. See journald.conf(5) for details.
4237
4238 * A new condition type ConditionFileNotEmpty= has been added.
4239
4240 * tmpfiles' "w" lines now support file globbing, to write
4241 multiple files at once.
4242
4243 * We added Python bindings for the journal submission
4244 APIs. More Python APIs for a number of selected APIs will
4245 likely follow. Note that we intend to add native bindings
4246 only for the Python language, as we consider it common
4247 enough to deserve bindings shipped within systemd. There are
4248 various projects outside of systemd that provide bindings
4249 for languages such as PHP or Lua.
4250
4251 * Many conditions will now resolve specifiers such as %i. In
4252 addition, PathChanged= and related directives of .path units
4253 now support specifiers as well.
4254
4255 * There's now a new RPM macro definition for the system preset
4256 dir: %_presetdir.
4257
4258 * journald will now warn if it cannot forward a message to the
4259 syslog daemon because its socket is full.
4260
4261 * timedated will no longer write or process /etc/timezone,
4262 except on Debian. As we do not support late mounted /usr
4263 anymore /etc/localtime always being a symlink is now safe,
4264 and hence the information in /etc/timezone is not necessary
4265 anymore.
4266
4267 * logind will now always reserve one VT for a text getty (VT6
4268 by default). Previously if more than 6 X sessions were
4269 started they took up all the VTs with auto-spawned gettys,
4270 so that no text gettys were available anymore.
4271
4272 * udev will now automatically inform the btrfs kernel logic
4273 about btrfs RAID components showing up. This should make
4274 simple hotplug based btrfs RAID assembly work.
4275
4276 * PID 1 will now increase its RLIMIT_NOFILE to 64K by default
4277 (but not for its children which will stay at the kernel
4278 default). This should allow setups with a lot more listening
4279 sockets.
4280
4281 * systemd will now always pass the configured timezone to the
4282 kernel at boot. timedated will do the same when the timezone
4283 is changed.
4284
4285 * logind's inhibition logic has been updated. By default,
4286 logind will now handle the lid switch, the power and sleep
4287 keys all the time, even in graphical sessions. If DEs want
4288 to handle these events on their own they should take the new
4289 handle-power-key, handle-sleep-key and handle-lid-switch
4290 inhibitors during their runtime. A simple way to achieve
4291 that is to invoke the DE wrapped in an invocation of:
4292
4293 systemd-inhibit --what=handle-power-key:handle-sleep-key:handle-lid-switch ...
4294
4295 * Access to unit operations is now checked via SELinux taking
4296 the unit file label and client process label into account.
4297
4298 * systemd will now notify the administrator in the journal
4299 when he over-mounts a non-empty directory.
4300
4301 * There are new specifiers that are resolved in unit files,
4302 for the host name (%H), the machine ID (%m) and the boot ID
4303 (%b).
4304
4305 Contributions from: Allin Cottrell, Auke Kok, Brandon Philips,
4306 Colin Guthrie, Colin Walters, Daniel J Walsh, Dave Reisner,
4307 Eelco Dolstra, Jan Engelhardt, Kay Sievers, Lennart
4308 Poettering, Lucas De Marchi, Lukas Nykryn, Mantas Mikulėnas,
4309 Martin Pitt, Matthias Clasen, Michael Olbrich, Pierre Schmitz,
4310 Shawn Landden, Thomas Hindoe Paaboel Andersen, Tom Gundersen,
4311 Václav Pavlín, Yin Kangkai, Zbigniew Jędrzejewski-Szmek
4312
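The 193 and 190 notes above state that "-o json" assigns null to fields larger than 4K and that the output is one JSON object per line. The following is an added example (not code from systemd) of a log-triage parser that accounts for both; the function name, sample entries and cursor values are constructed for illustration.

```python
import json

ERR = 3  # syslog priority "err"; lower numbers are more severe

# Constructed sample of `journalctl -o json` output, one object per line.
# The third entry has a null MESSAGE (field over the size limit); the fourth
# line is cut off mid-object, as can happen when a stream is interrupted.
SAMPLE = [
    '{"__CURSOR": "c1", "PRIORITY": "6", "_SYSTEMD_UNIT": "cron.service", "MESSAGE": "job finished"}',
    '{"__CURSOR": "c2", "PRIORITY": "3", "_SYSTEMD_UNIT": "sshd.service", "MESSAGE": "error: maximum authentication attempts exceeded"}',
    '{"__CURSOR": "c3", "PRIORITY": "2", "_SYSTEMD_UNIT": "app.service", "MESSAGE": null}',
    '{"__CURSOR": "c4", "PRIORITY": "4", "_SYSTEMD_UNIT": "app',
]


def triage(lines, max_priority=ERR):
    """Split line-delimited journal JSON into alerts, truncated and rejected.

    alerts    -- entries with PRIORITY <= max_priority
    truncated -- (cursor, [field names]) for entries carrying null fields;
                 these can be re-read in full with --cursor= and --all
    rejected  -- 1-based numbers of lines that are not a JSON object
    """
    alerts, truncated, rejected = [], [], []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if not line:
            continue
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(lineno)
            continue
        if not isinstance(entry, dict):
            rejected.append(lineno)
            continue

        cursor = entry.get("__CURSOR")
        null_fields = sorted(k for k, v in entry.items() if v is None)
        if null_fields:
            # Do not treat null as "empty message": the content exists in
            # the journal but was withheld from this export.
            truncated.append((cursor, null_fields))

        try:
            priority = int(entry.get("PRIORITY"))
        except (TypeError, ValueError):
            priority = None  # missing or non-numeric priority: no alert
        if priority is not None and priority <= max_priority:
            alerts.append({
                "cursor": cursor,
                "unit": entry.get("_SYSTEMD_UNIT"),
                "message": entry.get("MESSAGE"),
            })
    return alerts, truncated, rejected


if __name__ == "__main__":
    for name, value in zip(("alerts", "truncated", "rejected"), triage(SAMPLE)):
        print(name, value)
```
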
4313CHANGES WITH 189:
4314
4315 * Support for reading structured kernel messages from
4316 /dev/kmsg has now been added and is enabled by default.
4317
4318 * Support for reading kernel messages from /proc/kmsg has now
4319 been removed. If you want kernel messages in the journal
4320 make sure to run a recent kernel (>= 3.5) that supports
4321 reading structured messages from /dev/kmsg (see
4322 above). /proc/kmsg is now exclusive property of classic
4323 syslog daemons again.
4324
4325 * The libudev API gained the new
4326 udev_device_new_from_device_id() call.
4327
4328 * The logic for file system namespace (ReadOnlyDirectory=,
4329 ReadWriteDirectoy=, PrivateTmp=) has been reworked not to
4330 require pivot_root() anymore. This means fewer temporary
4331 directories are created below /tmp for this feature.
4332
4333 * nspawn containers will now see and receive all submounts
4334 made on the host OS below the root file system of the
4335 container.
4336
4337 * Forward Secure Sealing is now supported for Journal files,
4338 which provides cryptographic sealing of journal files so
4339 that attackers cannot alter log history anymore without this
4340 being detectable. Lennart will soon post a blog story about
4341 this explaining it in more detail.
4342
4343 * There are two new service settings RestartPreventExitStatus=
4344 and SuccessExitStatus= which allow configuration of exit
4345 status (exit code or signal) which will be excepted from the
4346 restart logic, resp. considered successful.
4347
4348 * journalctl gained the new --verify switch that can be used
4349 to check the integrity of the structure of journal files and
4350 (if Forward Secure Sealing is enabled) the contents of
4351 journal files.
4352
4353 * nspawn containers will now be run with /dev/stdin, /dev/fd/
4354 and similar symlinks pre-created. This makes running shells
4355 as container init process a lot more fun.
4356
4357 * The fstab support can now handle PARTUUID= and PARTLABEL=
4358 entries.
4359
4360 * A new ConditionHost= condition has been added to match
4361 against the hostname (with globs) and machine ID. This is
4362 useful for clusters where a single OS image is used to
4363 provision a large number of hosts which shall run slightly
4364 different sets of services.
4365
4366 * Services which hit the restart limit will now be placed in a
4367 failure state.
4368
4369 Contributions from: Bertram Poettering, Dave Reisner, Huang
4370 Hang, Kay Sievers, Lennart Poettering, Lukas Nykryn, Martin
4371 Pitt, Simon Peeters, Zbigniew Jędrzejewski-Szmek
4372
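A simplified sketch of the idea behind Forward Secure Sealing and "journalctl --verify" as described in the 189 notes above: an added illustration, not systemd's implementation, key scheme or file format. It uses a hash-evolved key with one HMAC per epoch; all function names, the key derivation and the sample log lines are assumptions constructed for the example.

```python
import copy
import hashlib
import hmac


def evolve(key):
    """One-way step from one epoch's sealing key to the next."""
    return hashlib.sha256(b"fss-demo-evolve" + key).digest()


def seal(key, epoch, entries):
    """HMAC over the epoch number and the length-prefixed entries."""
    mac = hmac.new(key, epoch.to_bytes(8, "big"), hashlib.sha256)
    for entry in entries:
        data = entry.encode("utf-8")
        mac.update(len(data).to_bytes(4, "big") + data)
    return mac.digest()


class SealingLogger:
    """Runs on the logged host and only ever holds the current epoch key."""

    def __init__(self, initial_key):
        self._key = initial_key
        self._epoch = 0
        self._pending = []
        self.blocks = []

    def log(self, message):
        self._pending.append(message)

    def close_epoch(self):
        tag = seal(self._key, self._epoch, self._pending)
        self.blocks.append(
            {"epoch": self._epoch, "entries": self._pending, "tag": tag})
        self._pending = []
        self._key = evolve(self._key)  # the previous key is discarded
        self._epoch += 1

    def host_state(self):
        """Everything key-related that exists on the host right now."""
        return self._epoch, self._key


def verify(verification_key, blocks, expected_epochs):
    """Return the epochs whose seal is missing or does not match.

    verification_key is the initial key, kept away from the logged host.
    """
    by_epoch = {block["epoch"]: block for block in blocks}
    bad = []
    key = verification_key
    for epoch in range(expected_epochs):
        block = by_epoch.get(epoch)
        if block is None or not hmac.compare_digest(
                seal(key, epoch, block["entries"]), block["tag"]):
            bad.append(epoch)
        key = evolve(key)
    return bad


def demo():
    initial_key = hashlib.sha256(b"constructed demo secret").digest()
    logger = SealingLogger(initial_key)
    logger.log("sshd: Accepted publickey for deploy")      # constructed
    logger.log("sudo: deploy : COMMAND=/usr/bin/id")       # constructed
    logger.close_epoch()                                   # epoch 0 sealed
    logger.log("cron: job finished")                       # constructed
    logger.close_epoch()                                   # epoch 1 sealed
    epoch_now, host_key = logger.host_state()              # host compromised
    logger.log("app: request served")                      # constructed
    logger.close_epoch()                                   # epoch 2 sealed

    results = {"intact": verify(initial_key, logger.blocks, 3)}

    # History rewritten and re-sealed with the only key left on the host.
    past = copy.deepcopy(logger.blocks)
    past[0]["entries"][1] = "sudo: deploy : COMMAND=/usr/bin/true"
    past[0]["tag"] = seal(host_key, 0, past[0]["entries"])
    results["rewritten_past"] = verify(initial_key, past, 3)

    # A whole sealed block removed from the middle.
    results["deleted_block"] = verify(
        initial_key, [logger.blocks[0], logger.blocks[2]], 3)

    # The epoch that was open at compromise time can be re-sealed.
    current = copy.deepcopy(logger.blocks)
    current[2]["entries"] = ["app: nothing happened"]
    current[2]["tag"] = seal(host_key, epoch_now, current[2]["entries"])
    results["rewritten_current"] = verify(initial_key, current, 3)
    return results


if __name__ == "__main__":
    print(demo())
```

The last case shows the limit of any such scheme: entries written from the moment of compromise onward can be re-sealed, so only earlier history is protected, and only if the verification key is kept off the logged host.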
4373CHANGES WITH 188:
4374
4375 * When running in --user mode systemd will now become a
4376 subreaper (PR_SET_CHILD_SUBREAPER). This should make the ps
4377 tree a lot more organized.
4378
4379 * A new PartOf= unit dependency type has been introduced that
4380 may be used to group services in a natural way.
4381
4382 * "systemctl enable" may now be used to enable instances of
4383 services.
4384
4385 * journalctl now prints error log levels in red, and
4386 warning/notice log levels in bright white. It also supports
4387 filtering by log level now.
4388
4389 * cgtop gained a new -n switch (similar to top), to configure
4390 the maximum number of iterations to run for. It also gained
4391 -b, to run in batch mode (accepting no input).
4392
4393 * The suffix ".service" may now be omitted on most systemctl
4394 command lines involving service unit names.
4395
4396 * There's a new bus call in logind to lock all sessions, as
4397 well as a loginctl verb for it "lock-sessions".
4398
4399 * libsystemd-logind.so gained a new call sd_journal_perror()
4400 that works similarly to libc perror() but logs to the journal
4401 and encodes structured information about the error number.
4402
4403 * /etc/crypttab entries now understand the new keyfile-size=
4404 option.
4405
4406 * shutdown(8) now can send a (configurable) wall message when
4407 a shutdown is cancelled.
4408
4409 * The mount propagation mode for the root file system will now
4410 default to "shared", which is useful to make containers work
4411 nicely out-of-the-box so that they receive new mounts from
4412 the host. This can be undone locally by running "mount
4413 --make-rprivate /" if needed.
4414
4415 * The prefdm.service file has been removed. Distributions
4416 should maintain this unit downstream if they intend to keep
4417 it around. However, we recommend writing normal unit files
4418 for display managers instead.
4419
4420 * Since systemd is a crucial part of the OS we will now
4421 default to a number of compiler switches that improve
4422 security (hardening) such as read-only relocations, stack
4423 protection, and suchlike.
4424
4425 * The TimeoutSec= setting for services is now split into
4426 TimeoutStartSec= and TimeoutStopSec= to allow configuration
4427 of individual time outs for the start and the stop phase of
4428 the service.
4429
4430 Contributions from: Artur Zaprzala, Arvydas Sidorenko, Auke
4431 Kok, Bryan Kadzban, Dave Reisner, David Strauss, Harald Hoyer,
4432 Jim Meyering, Kay Sievers, Lennart Poettering, Mantas
4433 Mikulėnas, Martin Pitt, Michal Schmidt, Michal Sekletar, Peter
4434 Alfredsen, Shawn Landden, Simon Peeters, Terence Honles, Tom
4435 Gundersen, Zbigniew Jędrzejewski-Szmek
4436
4437CHANGES WITH 187:
4438
4439 * The journal and id128 C APIs are now fully documented as man
4440 pages.
4441
4442 * Extra safety checks have been added when transitioning from
4443 the initial RAM disk to the main system to avoid accidental
4444 data loss.
4445
4446 * /etc/crypttab entries now understand the new keyfile-offset=
4447 option.
4448
4449 * systemctl -t can now be used to filter by unit load state.
4450
4451 * The journal C API gained the new sd_journal_wait() call to
4452 make writing synchronous journal clients easier.
4453
4454 * journalctl gained the new -D switch to show journals from a
4455 specific directory.
4456
4457 * journalctl now displays a special marker between log
4458 messages of two different boots.
4459
4460 * The journal is now explicitly flushed to /var via a service
4461 systemd-journal-flush.service, rather than implicitly simply
4462 by seeing /var/log/journal to be writable.
4463
4464 * journalctl (and the journal C APIs) can now match for much
4465 more complex expressions, with alternatives and
4466 disjunctions.
4467
4468 * When transitioning from the initial RAM disk to the main
4469 system we will now kill all processes in a killing spree to
4470 ensure no processes stay around by accident.
4471
4472 * Three new specifiers may be used in unit files: %u, %h, %s
4473 resolve to the user name, user home directory resp. user
4474 shell. This is useful for running systemd user instances.
4475
4476 * We now automatically rotate journal files if their data
4477 object hash table gets a fill level > 75%. We also size the
4478 hash table based on the configured maximum file size. This
4479 together should lower hash collisions drastically and thus
4480 speed things up a bit.
4481
4482 * journalctl gained the new "--header" switch to introspect
4483 header data of journal files.
4484
4485 * A new setting SystemCallFilters= has been added to services
4486 which may be used to apply blacklists or whitelists to
4487 system calls. This is based on SECCOMP Mode 2 of Linux 3.5.
4488
4489 * nspawn gained a new --link-journal= switch (and quicker: -j)
4490 to link the container journal with the host. This makes it
4491 very easy to centralize log viewing on the host for all
4492 guests while still keeping the journal files separated.
4493
4494 * Many bugfixes and optimizations
4495
4496 Contributions from: Auke Kok, Eelco Dolstra, Harald Hoyer, Kay
4497 Sievers, Lennart Poettering, Malte Starostik, Paul Menzel, Rex
4498 Tsai, Shawn Landden, Tom Gundersen, Ville Skyttä, Zbigniew
4499 Jędrzejewski-Szmek
4500
4501CHANGES WITH 186:
4502
4503 * Several tools now understand kernel command line arguments,
4504 which are only read when run in an initial RAM disk. They
4505 usually follow closely their normal counterparts, but are
4506 prefixed with rd.
4507
4508 * There's a new tool to analyze the readahead files that are
4509 automatically generated at boot. Use:
4510
4511 /usr/lib/systemd/systemd-readahead analyze /.readahead
4512
4513 * We now provide an early debug shell on tty9 if this is enabled. Use:
4514
4515 systemctl enable debug-shell.service
4516
4517 * All plymouth related units have been moved into the Plymouth
4518 package. Please make sure to upgrade your Plymouth version
4519 as well.
4520
4521 * systemd-tmpfiles now supports getting passed the basename of
4522 a configuration file only, in which case it will look for it
4523 in all appropriate directories automatically.
4524
4525 * udevadm info now takes a /dev or /sys path as argument, and
4526 does the right thing. Example:
4527
4528 udevadm info /dev/sda
4529 udevadm info /sys/class/block/sda
4530
4531 * systemctl now prints a warning if a unit is stopped but a
4532 unit that might trigger it continues to run. Example: a
4533 service is stopped but the socket that activates it is left
4534 running.
4535
4536 * "systemctl status" will now mention if the log output was
4537 shortened due to rotation since a service has been started.
4538
4539 * The journal API now exposes functions to determine the
4540 "cutoff" times due to rotation.
4541
4542 * journald now understands SIGUSR1 and SIGUSR2 for triggering
4543 immediate flushing of runtime logs to /var if possible,
4544 resp. for triggering immediate rotation of the journal
4545 files.
4546
4547 * It is now considered an error if a service is attempted to
4548 be stopped that is not loaded.
4549
4550 * XDG_RUNTIME_DIR now uses numeric UIDs instead of usernames.
4551
4552 * systemd-analyze now supports Python 3
4553
4554 * tmpfiles now supports cleaning up directories via aging
4555 where the first level dirs are always kept around but
4556 directories beneath them are automatically aged. This is enabled
4557 by prefixing the age field with '~'.
4558
4559 * Seat objects now expose CanGraphical, CanTTY properties
4560 which are required to deal with very fast bootups where the
4561 display manager might be running before the graphics drivers
4562 completed initialization.
4563
4564 * Seat objects now expose a State property.
4565
4566 * We now include RPM macros for service enabling/disabling
4567 based on the preset logic. We recommend RPM based
4568 distributions to make use of these macros if possible. This
4569 makes it simpler to reuse RPM spec files across
4570 distributions.
4571
4572 * We now make sure that the collected systemd unit name is
4573 always valid when services log to the journal via
4574 STDOUT/STDERR.
4575
4576 * There's a new man page kernel-command-line(7) detailing all
4577 command line options we understand.
4578
4579 * The fstab generator may now be disabled at boot by passing
4580 fstab=0 on the kernel command line.
4581
91ac7425 4582 * A new kernel command line option modules-load= is now understood
b5b4c94a
LP
4583 to load a specific kernel module statically, early at boot.
4584
4585 * Unit names specified on the systemctl command line are now
4586 automatically escaped as needed. Also, if file system or
4587 device paths are specified they are automatically turned
4588 into the appropriate mount or device unit names. Example:
4589
4590 systemctl status /home
4591 systemctl status /dev/sda
4592
4593 * The SysVConsole= configuration option has been removed from
4594 system.conf parsing.
4595
4596 * The SysV search path is no longer exported on the D-Bus
4597 Manager object.
4598
4599 * The Names= option has been removed from unit file parsing.
4600
4601 * There's a new man page bootup(7) detailing the boot process.
4602
4603 * Every unit and every generator we ship with systemd now
4604 comes with full documentation. The self-explanatory boot is
4605 complete.
4606
4607 * A couple of services gained "systemd-" prefixes in their
4608 name if they wrap systemd code, rather than only external
4609 code. Among them fsck@.service which is now
4610 systemd-fsck@.service.
4611
4612 * The HaveWatchdog property has been removed from the D-Bus
4613 Manager object.
4614
4615 * systemd.confirm_spawn= on the kernel command line should now
4616 work sensibly.
4617
4618 * There's a new man page crypttab(5) which details all options
4619 we actually understand.
4620
4621 * systemd-nspawn gained a new --capability= switch to pass
4622 additional capabilities to the container.
4623
4624 * timedated will now read known NTP implementation unit names
5b00c016 4625 from /usr/lib/systemd/ntp-units.d/*.list,
b5b4c94a
LP
4626 systemd-timedated-ntp.target has been removed.
4627
4628 * journalctl gained a new switch "-b" that lists log data of
4629 the current boot only.
4630
4631 * The notify socket is in the abstract namespace again, in
4632 order to support daemons which chroot() at start-up.
4633
4634 * There is a new Storage= configuration option for journald
4635 which allows configuration of where log data should go. This
4636 also provides a way to disable journal logging entirely, so
4637 that data collected is only forwarded to the console, the
4638 kernel log buffer or another syslog implementation.
4639
c4f1b862 4640 * Many bugfixes and optimizations
b5b4c94a 4641
2d938ac7
LP
4642 Contributions from: Auke Kok, Colin Guthrie, Dave Reisner,
4643 David Strauss, Eelco Dolstra, Kay Sievers, Lennart Poettering,
4644 Lukas Nykryn, Michal Schmidt, Michal Sekletar, Paul Menzel,
4645 Shawn Landden, Tom Gundersen
b5b4c94a 4646
2d197285 4647CHANGES WITH 185:
b6a86739 4648
2d197285
KS
4649 * "systemctl help <unit>" now shows the man page if one is
4650 available.
4651
4652 * Several new man pages have been added.
4653
b5b4c94a
LP
4654 * MaxLevelStore=, MaxLevelSyslog=, MaxLevelKMsg=,
4655 MaxLevelConsole= can now be specified in
4656 journald.conf. These options allow reducing the amount of
4657 data stored on disk or forwarded by the log level.
2d197285 4658
b5b4c94a
LP
4659 * TimerSlackNSec= can now be specified in system.conf for
4660 PID1. This allows system-wide power savings.
2d197285
KS
4661
4662 Contributions from: Dave Reisner, Kay Sievers, Lauri Kasanen,
4663 Lennart Poettering, Malte Starostik, Marc-Antoine Perennou,
4664 Matthias Clasen
4665
4c8cd173 4666CHANGES WITH 184:
b6a86739 4667
4c8cd173
LP
4668 * logind is now capable of (optionally) handling power and
4669 sleep keys as well as the lid switch.
4670
4671 * journalctl now understands the syntax "journalctl
4672 /usr/bin/avahi-daemon" to get all log output of a specific
4673 daemon.
4674
4675 * CapabilityBoundingSet= in system.conf now also influences
4676 the capability bound set of usermode helpers of the kernel.
4677
4678 Contributions from: Daniel Drake, Daniel J. Walsh, Gert
4679 Michael Kulyk, Harald Hoyer, Jean Delvare, Kay Sievers,
4680 Lennart Poettering, Matthew Garrett, Matthias Clasen, Paul
4681 Menzel, Shawn Landden, Tero Roponen, Tom Gundersen
4682
ea5943d3 4683CHANGES WITH 183:
b6a86739 4684
187076d4
LP
4685 * Note that we skipped 139 releases here in order to set the
4686 new version to something that is greater than both udev's
4687 and systemd's most recent version number.
4688
194bbe33
KS
4689 * udev: all udev sources are merged into the systemd source tree now.
4690 All future udev development will happen in the systemd tree. It
4691 is still fully supported to use the udev daemon and tools without
4692 systemd running, like in initramfs or other init systems. Building
4693 udev though, will require the *build* of the systemd tree, but
ea5943d3 4694 udev can be properly *run* without systemd.
07cd4fc1 4695
91cf7e5c 4696 * udev: /lib/udev/devices/ are not read anymore; systemd-tmpfiles
f13b388f
KS
4697 should be used to create dead device nodes as workarounds for broken
4698 subsystems.
64661ee7 4699
2d13da88
KS
4700 * udev: RUN+="socket:..." and udev_monitor_new_from_socket() are
4701 no longer supported. udev_monitor_new_from_netlink() needs to be
4702 used to subscribe to events.
4703
194bbe33
KS
4704 * udev: when udevd is started by systemd, processes which are left
4705 behind by forking them off of udev rules, are unconditionally cleaned
4706 up and killed now after the event handling has finished. Services or
4707 daemons must be started as systemd services. Services can be
ea5943d3 4708 pulled-in by udev to get started, but they can no longer be directly
194bbe33
KS
4709 forked by udev rules.
4710
f13b388f
KS
4711 * udev: the daemon binary is called systemd-udevd now and installed
4712 in /usr/lib/systemd/. Standalone builds or non-systemd systems need
4713 to adapt to that, create a symlink, or rename the binary after building
4714 it.
4715
ea5943d3 4716 * libudev no longer provides these symbols:
c1959569
KS
4717 udev_monitor_from_socket()
4718 udev_queue_get_failed_list_entry()
4719 udev_get_{dev,sys,run}_path()
ea5943d3 4720 The version number was bumped and symbol versioning introduced.
c1959569 4721
ea5943d3 4722 * systemd-loginctl and systemd-journalctl have been renamed
9ae9afce 4723 to loginctl and journalctl to match systemctl.
18b754d3
KS
4724
4725 * The config files: /etc/systemd/systemd-logind.conf and
4726 /etc/systemd/systemd-journald.conf have been renamed to
4727 logind.conf and journald.conf. Package updates should rename
4728 the files to the new names on upgrade.
4729
ea5943d3
LP
4730 * For almost all files the license is now LGPL2.1+, changed
4731 from the previous GPL2.0+. Exceptions are some minor stuff
4732 of udev (which will be changed to LGPL2.1 eventually, too),
4733 and the MIT licensed sd-daemon.[ch] library that is suitable
4734 to be used as drop-in files.
4735
4736 * systemd and logind now handle system sleep states, in
49f43d5f 4737 particular suspending and hibernating.
ea5943d3
LP
4738
4739 * logind now implements a sleep/shutdown/idle inhibiting logic
4740 suitable for a variety of uses. Soonishly Lennart will blog
4741 about this in more detail.
4742
4743 * var-run.mount and var-lock.mount are no longer provided
4744 (which previously bind mounted these directories to their new
4745 places). Distributions which have not converted these
4746 directories to symlinks should consider stealing these files
4747 from git history and add them downstream.
4748
4749 * We introduced the Documentation= field for units and added
4750 this to all our shipped units. This is useful to make it
3943231c 4751 easier to explore the boot and the purpose of the various
ea5943d3
LP
4752 units.
4753
4754 * All smaller setup units (such as
4755 systemd-vconsole-setup.service) now detect properly if they
4756 are run in a container and are skipped when
4757 appropriate. This guarantees an entirely noise-free boot in
4758 Linux container environments such as systemd-nspawn.
4759
4760 * A framework for implementing offline system updates is now
4761 integrated, for details see:
4762 http://freedesktop.org/wiki/Software/systemd/SystemUpdates
4763
4764 * A new service type Type=idle is available now which helps us
4765 avoid ugly interleaving of getty output and boot status
4766 messages.
4767
439d6dfd
LP
4768 * There's now a system-wide CapabilityBoundingSet= option to
4769 globally reduce the set of capabilities for the
ea5943d3
LP
4770 system. This is useful to drop CAP_MKNOD, CAP_SYS_RAWIO,
4771 CAP_NET_RAW, CAP_SYS_MODULE, CAP_SYS_TIME, CAP_SYS_PTRACE or
4772 even CAP_NET_ADMIN system-wide for secure systems.
4773
4774 * There are now system-wide DefaultLimitXXX= options to
4775 globally change the defaults of the various resource limits
4776 for all units started by PID 1.
4777
4778 * Harald Hoyer's systemd test suite has been integrated into
4779 systemd which allows easy testing of systemd builds in qemu
4780 and nspawn. (This is really awesome! Ask us for details!)
4781
3943231c
LP
4782 * The fstab parser is now implemented as generator, not inside
4783 of PID 1 anymore.
ea5943d3
LP
4784
4785 * systemctl will now warn you if .mount units generated from
4786 /etc/fstab are out of date due to changes in fstab that
d28315e4 4787 have not been read by systemd yet.
ea5943d3
LP
4788
4789 * systemd is now suitable for usage in initrds. Dracut has
4790 already been updated to make use of this. With this in place
4791 initrds get a slight bit faster but primarily are much
4792 easier to introspect and debug since "systemctl status" in
4793 the host system can be used to introspect initrd services,
4794 and the journal from the initrd is kept around too.
4795
4796 * systemd-delta has been added, a tool to explore differences
4797 between user/admin configuration and vendor defaults.
4798
4799 * PrivateTmp= now affects both /tmp and /var/tmp.
4800
4801 * Boot time status messages are now much prettier and feature
4802 proper English language. Booting up systemd has never been
4803 so sexy.
4804
4805 * Read-ahead pack files now include the inode number of all
4806 files to pre-cache. When the inode changes the pre-caching
4807 is not attempted. This should be nicer to deal with updated
4808 packages which might result in changes of read-ahead
4809 patterns.
4810
4811 * We now temporarily lower the kernel's read_ahead_kb variable
4812 when collecting read-ahead data to ensure the kernel's
4813 built-in read-ahead does not add noise to our measurements
4814 of necessary blocks to pre-cache.
4815
4816 * There's now RequiresMountsFor= to add automatic dependencies
4817 for all mounts necessary for a specific file system path.
4818
4819 * MountAuto= and SwapAuto= have been removed from
4820 system.conf. Mounting file systems at boot has to take place
4821 in systemd now.
4822
4823 * nspawn now learned a new switch --uuid= to set the machine
4824 ID on the command line.
4825
f8c0a2cb 4826 * nspawn now learned the -b switch to automatically search
ea5943d3
LP
4827 for an init system.
4828
4829 * vt102 is now the default TERM for serial TTYs, upgraded from
4830 vt100.
4831
4832 * systemd-logind now works on VT-less systems.
4833
4834 * The build tree has been reorganized. The individual
3943231c 4835 components now have directories of their own.
ea5943d3
LP
4836
4837 * A new condition type ConditionPathIsReadWrite= is now available.
4838
4839 * nspawn learned the new -C switch to create cgroups for the
4840 container in other hierarchies.
4841
4842 * We now have support for hardware watchdogs, configurable in
4843 system.conf.
4844
4845 * The scheduled shutdown logic now has a public API.
4846
4847 * We now mount /tmp as tmpfs by default, but this can be
4848 masked and /etc/fstab can override it.
4849
d28315e4 4850 * Since udisks does not make use of /media anymore we are not
ea5943d3
LP
4851 mounting a tmpfs on it anymore.
4852
4853 * journalctl gained a new --local switch to only interleave
4854 locally generated journal files.
4855
4856 * We can now load the IMA policy at boot automatically.
4857
4858 * The GTK tools have been split off into a systemd-ui.
4859
79849bf9
LP
4860 Contributions from: Andreas Schwab, Auke Kok, Ayan George,
4861 Colin Guthrie, Daniel Mack, Dave Reisner, David Ward, Elan
4862 Ruusamäe, Frederic Crozat, Gergely Nagy, Guillermo Vidal,
4863 Hannes Reinecke, Harald Hoyer, Javier Jardón, Kay Sievers,
4864 Lennart Poettering, Lucas De Marchi, Léo Gillot-Lamure,
4865 Marc-Antoine Perennou, Martin Pitt, Matthew Monaco, Maxim
4866 A. Mikityanskiy, Michael Biebl, Michael Olbrich, Michal
4867 Schmidt, Nis Martensen, Patrick McCarty, Roberto Sassu, Shawn
4868 Landden, Sjoerd Simons, Sven Anders, Tollef Fog Heen, Tom
4869 Gundersen
4870
16f1239e 4871CHANGES WITH 44:
b6a86739 4872
16f1239e
LP
4873 * This is mostly a bugfix release
4874
4875 * Support optional initialization of the machine ID from the
4876 KVM or container configured UUID.
4877
4878 * Support immediate reboots with "systemctl reboot -ff"
4879
4880 * Show /etc/os-release data in systemd-analyze output
4881
ab06eef8 4882 * Many bugfixes for the journal, including endianness fixes and
16f1239e
LP
4883 ensuring that disk space enforcement works
4884
4885 * sd-login.h is C++ compatible again
4886
4887 * Extend the /etc/os-release format on request of the Debian
4888 folks
4889
4890 * We now refuse non-UTF8 strings used in various configuration
d28315e4 4891 and unit files. This is done to ensure we do not pass invalid
16f1239e
LP
4892 data over D-Bus or expose it elsewhere.
4893
4894 * Register Mimo USB Screens as suitable for automatic seat
4895 configuration
4896
4897 * Read SELinux client context from journal clients in a race
4898 free fashion
4899
4900 * Reorder configuration file lookup order. /etc now always
4901 overrides /run in order to allow the administrator to always
4902 and unconditionally override vendor supplied or
4903 automatically generated data.
4904
4905 * The various user visible bits of the journal now have man
4906 pages. We still lack man pages for the journal API calls
4907 however.
4908
4909 * We now ship all man pages in HTML format again in the
4910 tarball.
4911
4912 Contributions from: Dave Reisner, Dirk Eibach, Frederic
4913 Crozat, Harald Hoyer, Kay Sievers, Lennart Poettering, Marti
4914 Raudsepp, Michal Schmidt, Shawn Landden, Tero Roponen, Thierry
4915 Reding
4916
437b7dee 4917CHANGES WITH 43:
b6a86739 4918
437b7dee
LP
4919 * This is mostly a bugfix release
4920
4921 * Systems lacking /etc/os-release are no longer supported.
4922
4923 * Various functionality updates to libsystemd-login.so
4924
45afd519 4925 * Track class of PAM logins to distinguish greeters from
437b7dee
LP
4926 normal user logins.
4927
4928 Contributions from: Kay Sievers, Lennart Poettering, Michael
4929 Biebl
4930
204fa33c 4931CHANGES WITH 42:
b6a86739 4932
204fa33c
LP
4933 * This is an important bugfix release for v41.
4934
4935 * Building man pages is now optional which should be useful
4936 for those building systemd from git but unwilling to install
4937 xsltproc.
4938
4939 * Watchdog support for supervising services is now usable. In
4940 a future release support for hardware watchdogs
4941 (i.e. /dev/watchdog) will be added building on this.
4942
4943 * Service start rate limiting is now configurable and can be
4944 turned off per service. When a start rate limit is hit a
4945 reboot can automatically be triggered.
4946
4947 * New CanReboot(), CanPowerOff() bus calls in systemd-logind.
4948
4949 Contributions from: Benjamin Franzke, Bill Nottingham,
4950 Frederic Crozat, Lennart Poettering, Michael Olbrich, Michal
4951 Schmidt, Michał Górny, Piotr Drąg
4952
e0d25329 4953CHANGES WITH 41:
b6a86739 4954
e0d25329
KS
4955 * The systemd binary is installed in /usr/lib/systemd/systemd now;
4956 an existing /sbin/init symlink needs to be adapted with the
4957 package update.
4958
b13df964
LP
4959 * The code that loads kernel modules has been ported to invoke
4960 libkmod directly, instead of modprobe. This means we do not
4961 support systems with module-init-tools anymore.
4962
4963 * Watchdog support is now already useful, but still not
4964 complete.
4965
4966 * A new kernel command line option systemd.setenv= is
4967 understood to set system wide environment variables
4968 dynamically at boot.
4969
e9c1ea9d 4970 * We now limit the set of capabilities of systemd-journald.
ccd07a08 4971
353e12c2
LP
4972 * We now set SIGPIPE to ignore by default, since it only is
4973 useful in shell pipelines, and has little use in general
4974 code. This can be disabled with IgnoreSIGPIPE=no in unit
4975 files.
4976
b13df964
LP
4977 Contributions from: Benjamin Franzke, Kay Sievers, Lennart
4978 Poettering, Michael Olbrich, Michal Schmidt, Tom Gundersen,
4979 William Douglas
4980
d26e4270 4981CHANGES WITH 40:
b6a86739 4982
d26e4270
LP
4983 * This is mostly a bugfix release
4984
4985 * We now expose the reason why a service failed in the
4986 "Result" D-Bus property.
4987
4988 * Rudimentary service watchdog support (will be completed over
4989 the next few releases.)
4990
4991 * When systemd forks off in order to execute some service we will
4992 now immediately change its argv[0] to reflect which process
4993 it will execute. This is useful to minimize the time window
4994 with a generic argv[0], which makes bootcharts more useful
4995
b13df964
LP
4996 Contributions from: Alvaro Soliverez, Chris Paulson-Ellis, Kay
4997 Sievers, Lennart Poettering, Michael Olbrich, Michal Schmidt,
4998 Mike Kazantsev, Ray Strode
4999
220a21d3 5000CHANGES WITH 39:
b6a86739 5001
220a21d3
LP
5002 * This is mostly a test release, but incorporates many
5003 bugfixes.
5004
5005 * New systemd-cgtop tool to show control groups by their
5006 resource usage.
5007
5008 * Linking against libacl for ACLs is optional again. If
5009 disabled, support for tracking device access for active logins
5010 becomes unavailable, and so does access to the user
5011 journals by the respective users.
5012
5013 * If a group "adm" exists, journal files are automatically
5014 owned by it, thus allowing members of this group full access
5015 to the system journal as well as all user journals.
5016
5017 * The journal now stores the SELinux context of the logging
5018 client for all entries.
5019
5020 * Add C++ inclusion guards to all public headers
5021
5022 * New output mode "cat" in the journal to print only text
5023 messages, without any meta data like date or time.
5024
5025 * Include tiny X server wrapper as a temporary stop-gap to
5026 teach XOrg udev display enumeration. This is used by display
5027 managers such as gdm, and will go away as soon as XOrg
5028 learned native udev hotplugging for display devices.
5029
5030 * Add new systemd-cat tool for executing arbitrary programs
5031 with STDERR/STDOUT connected to the journal. Can also act as
5032 BSD logger replacement, and does so by default.
5033
5034 * Optionally store all locally generated coredumps in the
5035 journal along with meta data.
5036
5037 * systemd-tmpfiles learnt four new commands: n, L, c, b, for
5038 writing short strings to files (for usage for /sys), and for
5039 creating symlinks, character and block device nodes.
5040
5041 * New unit file option ControlGroupPersistent= to make cgroups
5042 persistent, following the mechanisms outlined in
5043 http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups
5044
5045 * Support multiple local RTCs in a sane way
5046
5047 * No longer monopolize IO when replaying readahead data on
5048 rotating disks, since we might starve non-file-system IO to
5049 death, since fanotify() will not see accesses done by blkid,
5050 or fsck.
5051
d28315e4 5052 * Do not show kernel threads in systemd-cgls anymore, unless
220a21d3
LP
5053 requested with new -k switch.
5054
5055 Contributions from: Dan Horák, Kay Sievers, Lennart
5056 Poettering, Michal Schmidt
5057
5058CHANGES WITH 38:
b6a86739 5059
220a21d3
LP
5060 * This is mostly a test release, but incorporates many
5061 bugfixes.
5062
5063 * The git repository moved to:
5064 git://anongit.freedesktop.org/systemd/systemd
5065 ssh://git.freedesktop.org/git/systemd/systemd
5066
5067 * First release with the journal
5068 http://0pointer.de/blog/projects/the-journal.html
5069
5070 * The journal replaces both systemd-kmsg-syslogd and
5071 systemd-stdout-bridge.
5072
5073 * New sd_pid_get_unit() API call in libsystemd-logind
5074
5075 * Many systemadm clean-ups
5076
5077 * Introduce remote-fs-pre.target which is ordered before all
5078 remote mounts and may be used to start services before all
5079 remote mounts.
5080
5081 * Added Mageia support
5082
5083 * Add bash completion for systemd-loginctl
5084
5085 * Actively monitor PID file creation for daemons which exit in
5086 the parent process before having finished writing the PID
5087 file in the daemon process. Daemons which do this need to be
5088 fixed (i.e. PID file creation must have finished before the
5089 parent exits), but we now react a bit more gracefully to them.
5090
5091 * Add colourful boot output, mimicking the well-known output
5092 of existing distributions.
5093
5094 * New option PassCredentials= for socket units, for
5095 compatibility with a recent kernel ABI breakage.
5096
5097 * /etc/rc.local is now hooked in via a generator binary, and
5098 thus will no longer act as synchronization point during
5099 boot.
5100
5101 * systemctl list-unit-files now supports --root=.
5102
5103 * systemd-tmpfiles now understands two new commands: z, Z for
5104 relabelling files according to the SELinux database. This is
5105 useful to apply SELinux labels to specific files in /sys,
5106 among other things.
5107
5108 * Output of SysV services is now forwarded to both the console
5109 and the journal by default, not only just the console.
5110
5111 * New man pages for all APIs from libsystemd-login.
5112
5113 * The build tree got reorganized and the build system is a
5114 lot more modular allowing embedded setups to specifically
5115 select the components of systemd they are interested in.
5116
5117 * Support for Linux systems lacking the kernel VT subsystem is
5118 restored.
5119
5120 * configure's --with-rootdir= got renamed to
5121 --with-rootprefix= to follow the naming used by udev and
5122 kmod
5123
d28315e4 5124 * Unless specified otherwise we will now install to /usr instead
220a21d3
LP
5125 of /usr/local by default.
5126
5127 * Processes with '@' in argv[0][0] are now excluded from the
5128 final shut-down killing spree, following the logic explained
5129 in:
5130 http://www.freedesktop.org/wiki/Software/systemd/RootStorageDaemons
5131
5132 * All processes remaining in a service cgroup when we enter
5133 the START or START_PRE states are now killed with
5134 SIGKILL. That means it is no longer possible to spawn
5135 background processes from ExecStart= lines (which was never
5136 supported anyway, and bad style).
5137
5138 * New PropagateReloadTo=/PropagateReloadFrom= options to bind
5139 reloading of units together.
5140
4c8cd173 5141 Contributions from: Bill Nottingham, Daniel J. Walsh, Dave
220a21d3
LP
5142 Reisner, Dexter Morgan, Gregs Gregs, Jonathan Nieder, Kay
5143 Sievers, Lennart Poettering, Michael Biebl, Michal Schmidt,
5144 Michał Górny, Ran Benita, Thomas Jarosch, Tim Waugh, Tollef
5145 Fog Heen, Tom Gundersen, Zbigniew Jędrzejewski-Szmek